eBay Hack – Protecting Internal Communications
By now, many of you have probably heard of the eBay security breach. Confirmed by investigators last week, the cyberattack began in late February and early March. eBay discovered it in early May. It was found after the company’s internal security team noticed employees engaging in unusual activity. As stated by the New York Times, the internal security team and the Federal Bureau of Investigation (FBI) worked together and studied computer logs. They found that the “hackers had stolen the credentials of several of its employees and gained unauthorized access to eBay’s corporate network.” Once the hackers were inside the database, they “were able to copy a database containing information on all 145 million of the company’s customers.”
Millions of accounts (both active and inactive) could have been affected. According to Mashable, the hackers “used an internal eBay corporate account to spy on usernames, email addresses, physical addresses, phone numbers and dates of birth.” In addition, the hackers accessed passwords, but only in encrypted form.
eBay has recently moved its announcement about the security breach from the website landing page, and it can now be found here.
Representatives of eBay announced that they have no idea how many accounts were hacked and that they would not have any updated information on the matter. Although credit card information was not obtained, the security breach could be immense because people tend to use the same password for various sites.
eBay’s Response
eBay informed users on the homepage of its website of the security breach and how to protect themselves against releasing personal information. However, the company failed to email all users about the issue promptly.
As stated by Paul Roberts of Security Ledger:
“While eBay had weeks to digest the attack, the company’s initial response to the incident was understated. Hours after the company released its public statement, users said they had not been notified of the breach or the need to change their account password. The main eBay web site made no mention of the breach, nor were users notified of the breach upon logging in to their account.”
On the company’s homepage, the President of eBay, Devin Wenig, reassured users that the team “is committed to making eBay as safe and secure as possible,” and that they are “looking at other ways to strengthen security on ebay.” The company will be introducing new security features in the upcoming days and weeks.
Ways to protect yourself against security breaches
- Specific to eBay right now – change your password
- Periodically update and change your passwords for all sites
- Use different passwords on different sites and accounts
- Create unique passwords, i.e., multiple characters long with upper- and lowercase characters, numbers and at least one special character
- With regard to phishing attacks – do not click links in emails or discuss anything over the phone
Ways to protect your business against security breaches
Cyber attacks target a business at its weakest point: the users.
- Don’t believe all stereotypes – Scam messages don’t always have unreliable links, bad English or poor copies of logos. According to James Lyne, Global Head of Security Research at Sophos, “sometimes they look practically identical to legitimate messages.”
- Report suspicious activity – If an email looks unusual, make sure to report it to the correct authorities, i.e., I.T. or a dedicated email address set up by your company for these instances
- Always keep your computer secure – Make sure your computer is protected with anti-spam software, a firewall and antivirus software