The auction website says details including customers' names, email addresses, physical addresses, phone numbers and dates of birth, were accessed between late February and early March.
The attack also accessed encrypted passwords – passwords which are scrambled to make sure no one else can use them.
However eBay, which has 233 million users worldwide, says no unauthorised activity has been recorded on any of its users' accounts.
It adds there has also been no evidence of unauthorised access to financial or credit card information, or to personal or financial information for PayPal users, and that this information is stored separately in encrypted formats.
eBay says that since the incident there has been no increase in fraudulent activity on the website, although it's still asking users to change their passwords, as well as the same password used on any other sites.
MoneySavingExpert.com has always warned of the importance of using different passwords for different accounts and of the need to regularly change them to reduce the risk of them being compromised.
Get Our Free Money Tips Email!
I'm an eBay user, what should I do?
eBay users will be notified today via email and messages on the site that they should change their password.
To change your eBay password, log into your account using your existing username and password, then go to the 'change your password' page.
You should also change the password on any other online accounts where you used the same one. It's also worth being extra vigilant when checking all your online accounts in the next few weeks to make sure your details haven't been accessed or passed on.
If you do notice anything suspicious, contact your financial provider as soon as possible.
How did the attack happen?
eBay says attackers were able to access a small number of employee login details, which allowed them to get into the site's corporate network where customer information was held.
It adds that it's working with law enforcement and security experts and is "aggressively investigating the matter" after it was first discovered around two weeks ago.
What does eBay say?
eBay says: "Our customers are our highest priority; and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords.
"Recently, our company discovered a cyber-attack on our corporate information network which compromised a database containing eBay user passwords.
"There is no evidence that any financial information was accessed or compromised; however we are taking every precaution to protect our customers."
There's an art to creating good passwords and making sure they aren't easy for hackers to guess. Here are some of our tips:
- Make sure it isn't obviously associated with you. Avoid using your date of birth, pet's name, or any other information hackers could easily access on a social network or by going through your bins.
- Use a mixture of words, numbers and characters. Passwords can still be memorable even when you jumble up numbers and letters, for example: M0n3y5av7ng3xp3rt.c0m!
- Use different passwords for different sites. This ensures that if someone were to guess one of your passwords, they wouldn't be able to get into all your accounts.
- Keep them safe. If you're using lots of different passwords, it's tempting to write them down. But that can be dangerous. So try to use a piece of technology that requires a password to get to the passwords.