Earlier this morning, news began to trickle out that something happened at eBay. A press release has now confirmed it: There has been a massive data breach at the online auction and shopping giant.

BGR.com may have been first to report it, advising readers to change passwords on their eBay accounts after an alert blogger noticed that Paypal, the payment service owned by eBay, had posted a headline “eBay Inc. To Ask All eBay Users To Change Passwords.” The body of the text simply said “Placeholder text.”

Massive Breach?

The Verge soon after reported that the massive breach involved all 112 million users of the site.

A company press release said that the attack began with “a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network” and that the company will begin notifying users by email later today. The affected database was compromised between late February and early March, and included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.

What They Got

The breach could mean serious trouble for millions of users, since the information could be deployed in a variety of identity-related crimes.

The press release says, “the database did not contain financial information or other confidential personal information” and that there did not appear to be an uptick in suspicious activity on the site. The release also says Paypal was unaffected.

Still the breach should be taken seriously. The cyberattack yielded eBay users’ encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth–everything an identity thief could possibly want, minus a Social Security number. Whoever has the data now, holds an option on the personal finances of millions of eBay users. If you use the site and are just seeing news of this now, get on eBay and change your passwords now.

You might also want to check your credit profile to make sure you haven’t been compromised in that arena.