In approximately February-March 2014, attackers compromised the credentials of a small number of eBay corporate employees and used those credentials to access the company’s network, ultimately reaching the customer database. eBay disclosed the breach in May 2014, three months after it occurred, and was heavily criticized for the delay. The breach exposed names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth for approximately 145 million registered eBay users. eBay stated that financial and credit card information stored in a separate, encrypted database was not compromised. The company required all users to change their passwords. Regulators in several countries investigated eBay for the delayed disclosure. The breach demonstrated the danger of using legitimate employee credentials — making intrusions harder to detect than purely anomalous attacks.