
The eBay data compromise: What you need to know

eBay has joined the elite list of companies that have lost members' personal information. Learn how that affects you personally.


Yesterday, eBay announced the company suffered a data breach. The compromised database contained member names and the associated password, email address, physical address, phone number, and date of birth.

How?

As to how it happened, eBay said a number of employee login credentials were compromised (stolen, in plain speak), allowing those who stole the credentials access to eBay's corporate network. eBay said the data breach was discovered two weeks ago, and an initial investigation determined the bad guys first penetrated eBay's infrastructure in late February or early March.

eBay wanted to be clear that the compromised database did not contain financial information or other confidential personal information. The other somewhat good news is that the passwords were encrypted. eBay would not comment as to the strength of the encryption and, rather than take a chance, is requiring all members to change their eBay passwords.

Regarding passwords, eBay reminded members that if they used their eBay password to log in at other websites, the password needs changing everywhere it was used. eBay also issued a cautionary warning to its members: "The same password should never be used across multiple sites or accounts." Let's hope the eBay workers whose passwords were compromised heeded their employer's advice.

Protecting your important data starts with generating a strong, yet usable password. TechRepublic created this PowerPoint presentation to help users derive a strong password that will still be easy to remember.

PayPal not affected

Since eBay owns PayPal, concern regarding the safety of member information stored by the financial services provider was understandable. PayPal member information was not affected. eBay stated: "It has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted."

In an odd twist, the PayPal blog site provided the initial indication something was wrong, alerting many, including CNET, that eBay was going to ask its members to change their password.

Last thought

Although eBay is downplaying the importance of the stolen information, it shouldn't be taken lightly. In today's world, where manipulating large amounts of disparate data is becoming relatively easy, adding data taken from eBay to other stolen data may just give the criminals enough information to try password-changing scams or, even worse, steal a victim's identity.

The other problem with the bad guys having email addresses and other personal information is that it enhances their ability to send official-looking eBay or PayPal phishing emails to members who are already concerned about their information being in the wrong hands.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

6 comments
NickNielsen moderator

On the bright side, maybe they'll figure out I don't have an eBay account and finally stop sending me those fishing emails.


I won't hold my breath.

HAL 9000 moderator

Michael, I hope you are not implying that the Crims are using Big Data for their own ends.

Yep I know that they are and are attempting to make a big enough Data Base to do whatever they like whenever they want and not to whomever they like but to Every Body.


Ain't technology great?

Col  

Gisabun

In other web sites people are complaining that they weren't notified. They went on their own to change passwords and had to dig quite a bit to find where to change their password.

qqr

My thoughts exactly on the identity theft issue, all personal information data in these systems should be encrypted as well where possible.


Michael Kassner

@Gisabun


I know eBay told the tech media first and that they were telling the members later. That may have made it look like there was a lag. 

Michael Kassner

@qqr


I have been trying to get some numbers on the cost of encryption, but everyone is being vague. They just say there is an added cost to encrypting all the data. I suspect there is a latency issue as well. 
