''We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace,'' reads a company statement. EBay is encouraging people who used the same password on other sites to change those credentials as well. The company says it has seen no proof of unauthorised access to PayPal, its online payment service. ''PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted,'' says the company. While eBay has downplayed the breach because it didn't include financial information, the loss of an unknown number of passwords has the potential to compromise all websites, not just eBay, security experts say. That is because many consumers use the same password on multiple sites. ''The attackers will quickly take over accounts across the web wherever a user reused their username and password on another site,'' said Michael Coates, director of product security at Shape Security in Mountain View, California.

EBay also was using a more easily cracked method for protecting the passwords it kept on file. There are two commonly used ways to secure passwords, encryption and hashing. EBay was using encryption, which is the more easily broken, said Mr Coates. ''Encryption allows eBay, or anyone who access the decryption key, to decrypt and see your actual password. Password hashing allows eBay to check if the password you enter is correct or not, but doesn't allow eBay [or hackers] to get the plaintext of your actual password,'' he said. The compromise, which happened between late February and early March, resulted from a cyber attack targeting a small group of employee log-in credentials. Emails will go out to users to request changes to their passwords. The company says it will also employ additional security measures. Forrester analyst Tyler Shields says it is concerning that it took eBay until earlier this month to uncover the breach. ''From late February and March to just about two weeks ago is a lot of time for an attacker to be roaming around your network and systems.'' Trey Ford, security strategist with Rapid7, says attackers could use information taken from the database to pose as legitimate company representatives. ''Users should be wary of anyone contacting them claiming to be eBay or any other company for that matter,'' says Ford. ''Expect an uptick in phishing, do not click links in email, or discuss anything over the phone.''

The eBay breach is the latest in a series of attacks targeting customer data. Earlier this month, Target chief executive Gregg Steinhafel stepped down months after hackers swiped the financial information of 40 million customers. In April, AOL confirmed its email service had been hacked, with users complaining their accounts were sending spam to contacts. Eric Chiu, president and co-founder of security firm HyTrust, says this cyber attack is more proof high-profile breaches like eBay and Target are occurring more frequently. ''This is another wake-up call that organisations need to take an 'inside-out' approach to security and assume the bad guy is already on their network.'' Loading MCT Follow IT Pro on Twitter