eBay hacked - 145 million records compromised


Some 145 million user records were accessed when hackers raided eBay Inc's network 3 months ago.  This attack is being described as one of the biggest data breaches in history, based on the number of accounts compromised.

Customers are now being strongly advised to change their passwords immediately to avoid any risk of unauthorized account access.  eBay spokeswoman Amanda Miller told Reuters:

“There is no evidence of impact on any eBay customers,” Miller said. “We don’t know that they decrypted the passwords because it would not be easy to do.”

How to protect your data from such hacking attacks

The stolen records are thought to have contained passwords as well as email addresses, birth dates, mailing addresses and other personal information, but not financial data such as credit card numbers.  The way to stay secure and reduce the risk of being seriously affected is to use strong, unique passwords and not to re-use passwords across multiple sites.

The problem is that most users find it difficult to remember a strong, unique password for each site they use. For example, a regular user would probably have accounts with Facebook, Google, Twitter, eBay, PayPal, Amazon and LinkedIn.  That is 7 passwords which need to be memorized, not counting other sites which may also hold personal information.  The easiest way to solve this is to use a password manager, such as LastPass, which is the most popular option and is available for free.  Such applications provide a secure, central repository in which to store your passwords and also come with handy features such as auto-fill and password generators.  Paid versions are also available very cheaply and offer extra layers of security and convenience such as multi-factor authentication and mobile applications.  Such accounts are also highly recommended for businesses.  The most important thing when using a password manager is to secure the account with a strong, complex password, as it would obviously be worse if someone managed to hack into this account.

In this case, eBay insists that no financial information was stolen, though private personal data still holds a lot of value.  Personal data such as your postal address, telephone number, name and date of birth cannot be easily changed, and these are what make someone unique and identifiable.  Even though financial information does get encrypted, personal information doesn't; companies have no excuse for not encrypting it, and doing so should be considered an industry standard.

There are various best practices which you should adopt to reduce personal data loss:

  • Give the bare minimum - Only give your information if it is required and not optional, and always provide the bare minimum when possible.  Some internet companies definitely don't require personal information such as where you live or your telephone number to provide their service.  In most cases you have to ask yourself if it's worth the risk.
  • Limit your financial information - This is probably the most valuable piece of information and shouldn't be given out to every company.  These days most companies support secure, central payment methods such as PayPal (which is owned by eBay, but did not get affected by the hack) and Google Checkout.
  • Don't give out your full name - Your name is usually the bare minimum, so consider giving certain sites and services a fake name or a nickname.  You should also consider giving out just the initials of your first and middle names instead of the full names. That way hackers don't get your real name.
  • Alter your postal address - For services such as Amazon and eBay this information is unavoidable, though for other services it is not required even though you might get asked for it.  The best solution would be to give an approximate location, such as a different street close to where you live, or to leave out your house / building number.
  • Tweak your date of birth - Most companies require this to verify your age due to content restrictions, though your date of birth is one of your most vital pieces of information and shouldn't be taken lightly.  The easiest way to mask this information is to change the year, or swap some numbers around in a way that you'll remember.
  • Use multiple email addresses - Chances are that every service is connected to your email address, which gives hackers a central weak link.  If a hacker manages to get into your email account, all your other accounts could be compromised, since a 'forgot my password' request on a website usually sends a reset link to your email address, which gives the hacker full control of your web presence.
  • Fake the security questions - Don't make your 'secret' questions and answers too obvious, like favorite food or mother's maiden name. Instead just randomize your answers using some gibberish.
