The famous auction site of eBay says it was the target of a cyber attack in which hackers accessed a database of its encrypted passwords. eBay says no financial data was revealed, but it’s urging its users to update login credential.

EBay says that it hasn’t seen any sign of fraudulent activity since the problem was first detected “about two weeks ago.” It also said that it stores financial data and customer records in different places and that accounts of its direct-payment subsidiary, PayPal, were not affected by the data breach.

But the company urged all of its users, including the 145 million customers who bought or sold something on eBay in the last 12 months, to change their passwords.

EBay’s shares fell as much as 3.2 percent on Wednesday after the company disclosed the attack on a database that also contains encrypted passwords, addresses and phone numbers.

“For the time being, we cannot comment on the specific number of accounts impacted,” eBay spokeswoman Kari Ramirez said. “However, we believe there may be a large number of accounts involved.”

EBay said it had 145 million active buyers as of March 31. It also has an undisclosed number of inactive users.

“We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace,” reads a statement from eBay.

The attack follows several other high-profile hacking incidents, including a massive data breach at Target stores and the spread of the computer security flaw nicknamed “Heartbleed.” Heartbleed took advantage of a flaw in a key piece of security technology used by more than 500,000 websites that had been exposing online passwords and other sensitive data to potential theft for more than two years.