Emails will be going out shortly to all eBay users asking them to change their account passwords following a security breach that occurred in late February/early March. The cyber-attack allowed access to a database with encrypted passwords, customers’ names, email and physical addresses, phone numbers, dates of birth and non-financial data.
On Wednesday eBay announced that, based on extensive research, it has not found evidence of unauthorised activity or access to financial information, as all clients’ credit card information is encrypted and stored separately from the leaked database. In addition, eBay has stated that it sees no proof of unauthorised access to PayPal, as that data is stored on a separate secure network. Although all of the passwords that were accessed are encrypted, Michael Coates, director of product security at Shape Security in California, states that encryption is one of the more easily broken ways of protecting a password.
“Encryption allows eBay, or anyone who accesses the decryption key, to decrypt and see your actual password. Password hashing allows eBay to check if the password you enter is correct or not, but doesn’t allow eBay (or hackers) to get the plaintext of your actual password,” Coates said.
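The distinction Coates draws can be seen in a short sketch. This is an added example, not code from eBay or from the article: the cipher is a stand-in built from HMAC-SHA256 so the script needs only the Python standard library, and the function names, sample users and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def _keystream(key, nonce, length):
    # Stand-in cipher for the demo only: HMAC-SHA256 run in counter mode.
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def encrypt_password(key, password):
    # Reversible storage: the record is nonce + ciphertext.
    data, nonce = password.encode(), os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt_password(key, record):
    nonce, ct = record[:16], record[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

def hash_password(password):
    # One-way storage: the record is a per-user random salt + derived digest.
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(record, candidate):
    # The site can only answer "does this candidate match?", never "what is it?".
    salt, digest = record[:16], record[16:]
    check = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, check)

def recover_all(key, encrypted_table):
    # Whoever holds the key gets every stored password back at once.
    return {user: decrypt_password(key, rec) for user, rec in encrypted_table.items()}

if __name__ == "__main__":
    users = {"alice": "correct horse battery", "bob": "Tr0ub4dor&3"}  # constructed sample data
    key = os.urandom(32)
    encrypted = {u: encrypt_password(key, p) for u, p in users.items()}
    hashed = {u: hash_password(p) for u, p in users.items()}
    print(recover_all(key, encrypted))                                  # plaintext for all users
    print(verify_password(hashed["alice"], "correct horse battery"))  # match
    print(verify_password(hashed["alice"], "guess"))                  # no match
```

The hashed table has no key that unlocks it; each record has to be guessed separately, and the per-user salt means two people with the same password still get different records.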
Although all clients’ financial information seems to be secure, the leak has the potential to compromise accounts on all websites – not just eBay. This is because most internet users normally use the same passwords on various sites. Coates states that the leak may compromise accounts across the web.
The eBay breach is just the latest in a series of attacks targeting customer data – earlier this month Gregg Steinhafel, Target chief executive, stepped down just months after hackers swiped the financial information of 40 million customers. In addition, in April AOL announced that its email service had been hacked, with users complaining that their accounts had been sending spam to their contacts. Eric Chiu, president & co-founder of security firm HyTrust, has stated that these kinds of cyber breaches are occurring more frequently.
With cyber-attacks continuing to increase, the question arises as to why these breaches are occurring so frequently, one after the other, and whether they could all be connected.