ebay's big "whoops": what others can learn from it
DESCRIPTION
The word “eBay” necessitates no introduction. It’s a household brand, and a very successful one at that. The company made $16 million in gross revenue in 2013, netting at about $2.8 million. In a highly-embarrassing series of events, the company that also owns and operates PayPal had to stand (digitally) before its users and announce that it has been hacked.TRANSCRIPT
![Page 1: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/1.jpg)
What YOU Can Learn From eBay’s Security Breach
The word “eBay” necessitates no introduction. It’s a household brand, and a very successful one at that. The company made $16 million in gross revenue in 2013, netting at about $2.8 million. In a highly-embarrassing series of events, the
company that also owns and operates PayPal had to stand (digitally) before its users and announce that it has been hacked.
Read On PerfectCloud Blog
![Page 2: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/2.jpg)
WHAT HAPPENED EXACTLY?
![Page 3: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/3.jpg)
The Security Breach
Between late February and early March, a still-unidentified hacker managed to breach eBay’s database, revealing passwords and personal information of customers and employees.
It wasn’t until May that they recognized the breach. So, for roughly three months, every single account on eBay was as vulnerable as a gazelle in the middle of a large grassy field!
![Page 4: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/4.jpg)
eBay released a statement assuring that users’ financial data has not been compromised, since this is stored in encrypted format on a separate repository.
What about the passwords then?
How Did eBay Respond To This?
![Page 5: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/5.jpg)
How To Avoid Such Instance at Your Company?
![Page 6: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/6.jpg)
As an individual, it’s important to protect your identity from such breaches.
Make strong and complicated passwords to make it really difficult for the hackers to decrypt it.
What if eBay’s financial database had been compromised? Considering eBay’s close relationship with PayPal, you’d have been completely obliterated if you used both services.
![Page 7: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/7.jpg)
1
Avoid using the same password for two or more services at all costs. No matter what you have to do to make sure you remember all of those passwords, do it and do it now.
Use Different Passwords For Different Services
Hint – Use a Single Sign-On service
![Page 8: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/8.jpg)
2 Create Strong And Complicated Passwords
Don’t follow eBay’s advice when changing your password. It’s not going to save you from even the simplest dictionary attack. Learn how to create strong passwords.
![Page 9: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/9.jpg)
3 Find Out How Companies Store Your Data
Don’t rely on something just because it has encryption. Try to understand how the company providing services to you stores its passwords and how it manages encryption and decryption keys.
![Page 10: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/10.jpg)
Lessons Companies Can Learn From eBay’s Slip-Up
![Page 11: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/11.jpg)
Use Multi-Factor Authentication
Your employees need multi-factor authentication. Your entire data infrastructure is as strong as its weakest database. The more ways to authenticate you introduce, the better off you’ll be when someone tries to bypass a password.
![Page 12: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/12.jpg)
Schedule Regular Audits
Do you audit your application usage? If you don’t, you have nothing to compare when a hacker happens to breach an account in your company.
![Page 13: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/13.jpg)
Don’t wait until a breach happens to tell everyone to reset their passwords. Remind your employees and customers to regularly reset their passwords.
With staff that has access to sensitive information it should be done on a daily basis .
Implement Strict Password Policies
![Page 14: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/14.jpg)
eBay went out of its way in its statement to say that its “financial information is encrypted”. Right. So, what about the rest? Don’t be that company.
Encrypt All The Financial And Personal Data
![Page 15: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/15.jpg)
Stay AlertDon’t take three months to detect a threat, especially one that’s already gaining control of your database. Look for the signs of a breach. Check login times and see if something doesn’t add up with what your provider is giving you.
![Page 16: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/16.jpg)
Take a Few Precautions and Stay Protected From Security Breaches
![Page 17: eBay's Big "Whoops": What Others Can Learn From It](https://reader033.vdocuments.mx/reader033/viewer/2022060106/540015678d7f728b408b463f/html5/thumbnails/17.jpg)
To understand the presentation in depth read the following article – eBay’s Big “Whoops”: What Others Can Learn From It
If you have any queries or feedback, send an email to [email protected]