Connecticut, Florida and Illinois are conducting a joint investigation into the matter, according to according to a spokeswoman for Illinois Attorney General Lisa Madigan.
The investigation will focus on eBay's measures for securing personal data, the circumstances that led to the breach, how many users were affected, and the company's response to the breach, said Jaclyn Falkowski, a spokeswoman for Connecticut Attorney General George Jepsen.
Jepsen's office, which is also investigating breaches at Target Corp, Neiman Marcus and Experian, has already contacted eBay, according to Falkowski.
EBay spokeswoman Amanda Miller declined to comment.
The investigations come as some eBay customers complained in eBay Community forums and on social media that they received news about the breach from media sources first and not directly from the company.
Some customers said they have yet to received notifications by email, which eBay has promised to do.
"This is all over the news - Nothing from EBay," sfbay111 said in one post on an eBay forum.
Miller said she had no immediate comment on the complaints.
The company has said hackers attacked between late February and early March with login credentials obtained from "a small number" of employees. They then accessed a database containing all user records and copied "a large part" of those credentials.
The breach was discovered in early May and disclosed on Wednesday.
The company said hackers stole email addresses, encrypted passwords, birth dates, mailing addresses and other information, though no financial data, nor PayPal databases were compromised.
New York Attorney General Eric Schneiderman has asked eBay to provide free credit monitoring for everyone affected, according to a person familiar with the matter.
The EBay breach would be larger than the one Target Corp disclosed in December of last year, which included some 40 million payment card numbers and another 70 million customer records.
Computer security experts say the biggest breach was uncovered at software maker Adobe Systems Inc in October 2013, when hackers accessed about 152 million user accounts.