CeX, one of the Internet's biggest second-hand goods chains, has suffered a data breach, the company said in a statement on its website yesterday.
The company is currently in the process of contacting over two million users it believes have been affected by the security breach.
CeX said the attacker made off with first names, surnames, addresses, email addresses, and phone numbers if this were supplied.
The good news is that CeX stopped collecting credit and debit card details in 2009. The attacker made off with encrypted payment card data, but by now, most of the old card data had expired a long time ago.
The company said it started notifying affected users via email. "If you do not receive an email, your account is not affected," CeX said in a statement.
CeX, who runs the WeBuy.com website, is one of the Internet's biggest marketplaces for buying and selling used IT goods, such as computer parts, games, movie DVDs, old music albums, and more.
The company also has stores all over the world, in countries such as the US, the UK, Australia, India, Spain, the Netherlands, and several others.
This was not the only data breach announced yesterday. Swedish ISP Loopia also suffered a security breach, and an attacker made off with parts of its customer database.