eBay Hack – Protecting Internal Communications

Share Your Thoughts: Facebooktwittergoogle_pluslinkedin

By now, many of you have probably heard of the eBay security breach. Confirmed by investigators last week, the cyberattack began in late February and early March. eBay discovered it in early May. It was found after the company’s internal security team noticed employees engaging in unusual activity. As stated by the New York Times, the internal security team and the Federal Bureau of Investigation (FBI) worked together and studied computer logs. They found that the “hackers had stolen the credentials of several of its employees and gained unauthorized access to eBay’s corporate network.” Once the hackers were inside the database, they “were able to copy a database containing information on all 145 million of the company’s customers.”

Millions of accounts (both active and inactive) could have been affected. According to Mashable, the hackers “used an internal eBay corporate account to spy on usernames, email addresses, physical addresses, phone numbers and dates of birth.” In addition, the hackers accessed passwords, but only in the encrypted form.


eBay has recently moved its announcement about the security breach from the website landing page and can now be found here.


Representatives of eBay announced that they have no idea how many accounts were hacked and that they would not have any updated information on the matter. Although credit card information was not obtained, the security breach could be immense because people tend to use the same password for various sites.


eBay’s Response


eBay informed users on the homepage of its website of the security breach and how to protect themselves against releasing personal information. However, the company failed to email all users about the issue promptly.


As stated by Paul Roberts of Security Ledger


While eBay had weeks to digest the attack, the company’s initial response to the incident was understated. Hours after the company released its public statement, users said they had not been notified of the breach or the need to change their account password. The main eBay web site made no mention of the breach, nor were users notified of the breach upon logging in to their account.


On its homepage, President of eBay, Devin Wenig, reassured users that the team “is committed to making eBay as safe and secure as possible,” and that they are “looking at other ways to strengthen security on ebay.” The company will be introducing new security features in the upcoming days and weeks. 


Ways to protect yourself against security breaches

  • Specifically to eBay right now – change your password
  • Periodically update and change your passwords for all sites
  • Use different passwords on different sites and accounts
  • Create unique passwords. I.e., multiple characters long with upper and lowercase characters, numbers and at least one special character
  • In regards to phishing attacks— Do not click links in emails or discuss anything over the phone

Ways to protect your business against security breaches

Cyber attacks target a business at its weakest point: the users.

  • Don’t believe all stereotypes – Scam messages don’t always have unreliable links, bad English or poor copies of logos. According to James Lyne, Global Head of Security Research at Sophos, “sometimes they look practically identical to legitimate messages.”
  • Report suspicious activity – If an email looks unusual, make sure to report it to the correct authorities. I.e., I.T., dedicated email address for set up by your company for these instances
  • Always keep your computer secure – Make sure your computer is secure with anti-spam software, a firewall and run antivirus software

eBay has recently moved the announcement about the security breach from the website landing page and can now be found here


Enhanced by Zemanta
Share Your Thoughts: Facebooktwittergoogle_pluslinkedin



Firestorm® Solutions, is a Novume™ Solutions company (Nasdaq: NVMM), and is a leading crisis and risk management firm and America’s CRISIS COACH®. Since 2005, Firestorm has assisted clients in transforming crisis into value by responding to some of the largest and most complex crisis events as well as combining best-practice consulting with proven crisis management expertise. Firestorm empowers clients to manage crisis and risk through assessments, audits, program development, insurance partnerships, training and advisory services using the PREDICT.PLAN.PERFORM.® methodology.

Firestorm assesses, audits, develops, trains and tests strategies and programs encompassing emergency response, business continuity, crisis management, and crisis communications/PR. Firestorm demonstrates thought leadership in workplace violence prevention, cyber-breach response, insurance-related services, communicable illness/pandemic planning, predictive intelligence, and every preparedness initiative.

Firestorm provided crisis management and crisis communications services to Virginia Tech after the shootings and continues to provide services to keep tens of thousands of employees, customers and students safer.

(800) 321-2219


1000 Holcomb Woods Parkway
Suite 130
Roswell, GA USA 30076