EBay said that hackers raided its network three months ago, accessing some 145 million user records in what is poised to go down as one of the biggest data breaches in history, based on the number of accounts compromised.
Following the disclosure, a spokeswoman for Connecticut's attorney general said that the state is probing eBay's breach. Illinois and Florida will also be joining the inquiry, according to a spokeswoman for Illinois's attorney general.
EBay advised customers to change their passwords immediately, saying they were among the pieces of data stolen by cyber criminals who carried out the attack between late February and early March.
EBay spokeswoman Amanda Miller told Reuters late on Wednesday that those passwords were encrypted and that the company had no reason to believe the hackers had broken the code that scrambled them.
Read MoreWho has the worst password security?
"There is no evidence of impact on any eBay customers," Miller said. "We don't know that they decrypted the passwords because it would not be easy to do."
She said the hackers gained access to 145 million records of which they copied "a large part". Those records contained passwords as well as email addresses, birth dates, mailing addresses and other personal information, but not financial data such as credit card numbers.
Miller also said the company has hired FireEye's Mandiant forensics division to help investigate the matter. Mandiant is known for publishing a February 2013 report that described what it said was a Shanghai-based hacking group linked to the Peoples Liberation Army.