The California company said it was notifying its customers, urging them to change passwords to protect their personal and financial information.

An eBay statement said the database was compromised between late February and early March and “included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth”.

But it added that it “did not contain financial information or other confidential personal information”.

The attack did not affect data from PayPal, the finance and payments unit of the company because PayPal data is stored separately, said eBay spokesperson Kari Ramirez.

“For the time being, we cannot comment on the specific number of accounts impacted,” said Ms Ramirez.

“However, we believe there may be a large number of accounts involved and we are asking all eBay users to change their passwords.”

Potentially affecting eBay’s 128 million active users globally, the attack could be one of the largest affecting a retailer.

It come after retail giant Target disclosed a security breach which could affect more than 100 million customers.

eBay detected “compromised employee login credentials” about two weeks ago and began an investigation, it said.

“Cyberattackers compromised a small number of employee login credentials, allowing unauthorised access to eBay’s corporate network,” the company said.

Target has been dealing with the fallout from its massive data breach since news was disclosed in December.

Earlier this month, Target chief executive Gregg Steinhafel announced he was stepping down after the incident.

In its fourth-quarter report, Target booked a $US17 million ($18.3 million) net charge for the breach, but warned it could not estimate future costs that might stem from claims for customer losses and payments for civil litigation and investigations.