In the latest cyber security issue to hit front pages, auction giant eBay has admitted that the postal and email addresses, names, phone numbers, dates of birth, and encrypted passwords for millions of their customers were stolen in a security breach last March. eBay is now recommending that all eBay users change their password — and has said little else so far.
eBay says that the attack occurred through compromised employee accounts, which allowed unauthorized users to access its network. eBay first detected the breach two weeks ago, but has only just announced it. In light of Target’s gigantic mishap last December, in which the data from 40 million shoppers was stolen, eBay seems to be trying to avoid public backlash as much as possible. Already, stocks have fallen 3.2% since the company announced the data breach.
Unfortunately, there is little that can be done about the personal details eBay has lost, such as dates of birth, and users will just have to hope that identity thieves do not gain a hold of it and use it to crack user identities on other websites. The Telegraph advises that it might be a good idea for potentially targeted users to check their credit rating — an unanticipated change is often a sign that someone has become a target of an identity thief.
eBay reassures its clients that no financial data has been lost, though for some, this might feel like a bit of an empty promise. If eBay can lose the personal information for millions of users by accident, are there really enough barriers in place to prevent financial information from being leaked as well? “The real key question going forward will be if any money has been stolen, or any unauthorized activity been performed,” says Wedbush Securities analyst, Gil Luria.