eBay's Big "Whoops": What Others Can Learn From It

Post on 29-Aug-2014


DESCRIPTION

The word “eBay” necessitates no introduction. It’s a household brand, and a very successful one at that. The company made $16 million in gross revenue in 2013, netting at about $2.8 million. In a highly embarrassing series of events, the company that also owns and operates PayPal had to stand (digitally) before its users and announce that it had been hacked.

TRANSCRIPT

What YOU Can Learn From eBay’s Security Breach



WHAT HAPPENED EXACTLY?

The Security Breach

Between late February and early March, a still-unidentified hacker managed to breach eBay’s database, revealing passwords and personal information of customers and employees.

It wasn’t until May that they recognized the breach. So, for roughly three months, every single account on eBay was as vulnerable as a gazelle in the middle of a large grassy field!

eBay released a statement assuring users that their financial data had not been compromised, since it is stored in encrypted format in a separate repository.

What about the passwords then?

How Did eBay Respond To This?

How To Avoid Such Instance at Your Company?

As an individual, it’s important to protect your identity from such breaches.

Make strong and complicated passwords to make it really difficult for hackers to decrypt them.

What if eBay’s financial database had been compromised? Considering eBay’s close relationship with PayPal, you’d have been completely obliterated if you used both services.

1 Use Different Passwords For Different Services

Avoid using the same password for two or more services at all costs. No matter what you have to do to make sure you remember all of those passwords, do it and do it now.

Hint – Use a Single Sign-On service

2 Create Strong And Complicated Passwords

Don’t follow eBay’s advice when changing your password. It’s not going to save you from even the simplest dictionary attack. Learn how to create strong passwords.

3 Find Out How Companies Store Your Data

Don’t rely on something just because it has encryption. Try to understand how the company providing services to you stores its passwords and how it manages encryption and decryption keys.

Lessons Companies Can Learn From eBay’s Slip-Up

Use Multi-Factor Authentication

Your employees need multi-factor authentication. Your entire data infrastructure is as strong as its weakest database. The more ways to authenticate you introduce, the better off you’ll be when someone tries to bypass a password.

Schedule Regular Audits

Do you audit your application usage? If you don’t, you have nothing to compare when a hacker happens to breach an account in your company.

Implement Strict Password Policies

Don’t wait until a breach happens to tell everyone to reset their passwords. Remind your employees and customers to regularly reset their passwords.

With staff that has access to sensitive information, it should be done on a daily basis.

Encrypt All The Financial And Personal Data

eBay went out of its way in its statement to say that its “financial information is encrypted”. Right. So, what about the rest? Don’t be that company.

Stay Alert

Don’t take three months to detect a threat, especially one that’s already gaining control of your database. Look for the signs of a breach. Check login times and see if something doesn’t add up with what your provider is giving you.
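One way to act on the audit and login-time advice above, as an added example that is not part of the original presentation: build a per-user baseline of login hours and source addresses from an audited period, then flag later logins that deviate from it. The log format, sample lines and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data: "<ISO timestamp> <user> <source IP>" per successful login.
AUDITED = """\
2014-02-03T08:55:10 asmith 10.0.4.17
2014-02-05T17:31:05 asmith 10.0.4.17
2014-02-03T22:05:00 dbadmin 10.0.9.2
2014-02-04T23:40:12 dbadmin 10.0.9.2
"""
RECENT = """\
2014-02-24T09:02:33 asmith 10.0.4.17
2014-02-25T03:14:09 asmith 203.0.113.50
2014-02-25T00:20:45 dbadmin 10.0.9.2
2014-02-26T11:00:00 dbadmin 10.0.9.2
2014-02-26T12:00:00 tempuser 10.0.4.30
"""

def parse(log):
    """Yield (datetime, user, source) for each non-empty line."""
    for ts, user, src in (l.split() for l in log.splitlines() if l.strip()):
        yield datetime.fromisoformat(ts), user, src

def build_baseline(log):
    """Per user: the hours of day and source addresses seen during the audit."""
    base = defaultdict(lambda: {"hours": set(), "sources": set()})
    for ts, user, src in parse(log):
        base[user]["hours"].add(ts.hour)
        base[user]["sources"].add(src)
    return dict(base)

def hour_gap(a, b):
    """Distance between two hours on a 24h clock (23 and 0 are 1 apart)."""
    return min((a - b) % 24, (b - a) % 24)

def flag_logins(baseline, log, slack=1):
    """Return (timestamp, user, reasons) for logins that deviate from the baseline."""
    findings = []
    for ts, user, src in parse(log):
        known = baseline.get(user)
        reasons = [] if known else ["no-baseline"]  # account never seen in the audit
        if known and src not in known["sources"]:
            reasons.append("new-source")
        if known and all(hour_gap(ts.hour, h) > slack for h in known["hours"]):
            reasons.append("unusual-hour")
        if reasons:
            findings.append((ts.isoformat(), user, reasons))
    return findings
```

Without the audited period there is nothing to compare against, so every account falls into the "no-baseline" case and has to be reviewed by hand.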

Take a Few Precautions and Stay Protected From Security Breaches

To understand the presentation in depth read the following article – eBay’s Big “Whoops”: What Others Can Learn From It

If you have any queries or feedback, send an email to contact@perfectcloud.io
