The US firm said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data.
The company added that it had no evidence of there being unauthorised activity on its members' accounts.
However, it said that changing the passwords was "best practice and will help enhance security for eBay users".
The California-based company has 128 million active users and accounted for $212bn (£126bn) worth of commerce on its various marketplaces and other services in 2013.
It said it would be contacting users to alert them of the issue via email, its website, adverts and social media.
A spokesman added that the firm's engineers were in the process of rolling out a feature that would oblige members to choose new passwords when they next logged in, which should be live in each of the countries eBay operated in by the end of the day.