eBay been hit by a huge cyberattack that compromised its main database holding user passwords.

The origin of the breach comes from hackers compromising a small number of employee log-in credentials, which gave access to eBay’s corporate network, says Forbes. eBay says it is working with law enforcement and leading security experts to “aggressively” investigate the matter.

According to Forbes, the breach took place beween late February and early March and was not detected until two weeks ago. The hackers gained access to information including eBay customers’ names, their encrypted passwords, email, registered addresses, phone numbers and date of birth, Forbes said.

The database did not hold financial information as that is stored separately. It has not seen any evidence of a rise in fraudulent activity or additional attempts to gain entry to Paypal, according to Forbes.

eBay is is advising that users employing the same password across eBay and other sites should also change those passwords.