US auction site eBay has announced a substantial data breach, and the leak of personal customer information including names, passwords, physical addresses and phone numbers.
Cyber attackers breached the network through a small number of compromised employee log-in details. These details allowed the attackers to access eBay's corporate network and retrieve sensitive information.
The database was breached between late February and March of this year, with eBay discovering the compromised employee details two weeks ago.
Following the discovery, a forensics investigation was carried out to identify the cause of the breach.
A media release from eBay explained that users would be notified of the breach via email and other marketing channels.
"[We have] seen no indication of increased fraudulent account activity on eBay, […] unauthorised access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted," a release from the company stated.
Companies holding customer information need to put additional levels of security in place, to avoid the chance of a data breach occurring.
Along with security systems, comprehensive security audits can identify flaws within a company network.
Data breaches at major enterprises like eBay serve to demonstrate that no business is safe from the threat of cyber criminals.