The word “eBay” necessitates no introduction. It’s a household brand, and a very successful one at that. The company made $16 million in gross revenue in 2013, netting at about $2.8 million. In a highly-embarrassing series of events, the company that also owns and operates PayPal had to stand (digitally) before its users and announce that it has been hacked.
eBay's Big "Whoops": What Others Can Learn From It
1. What YOU Can Learn From eBay’s Security Breach
The word “eBay” necessitates no introduction. It’s a household brand, and a very successful one at that. The company
made $16 million in gross revenue in 2013, netting at about $2.8 million. In a highly-embarrassing series of events, the
company that also owns and operates PayPal had to stand (digitally) before its users and announce that it has been
hacked.
Read On PerfectCloud Blog
3. The Security Breach
Between late February and early March, a still-
unidentified hacker managed to breach eBay’s
database, revealing passwords and personal
information of customers and employees.
It wasn’t until May that they recognized the
breach. So, for roughly three months, every single
account on eBay was as vulnerable as a gazelle in
the middle of a large grassy field!
4. eBay released a statement
assuring that users’ financial
data has not been
compromised, since this is
stored in encrypted format on a
separate repository.
What about the passwords
then?
How Did eBay Respond To This?
6. As an individual, it’s important to protect your identity from such breaches.
Make strong and complicated passwords to make it really difficult for the hackers to
decrypt it.
What if eBay’s financial database had been compromised? Considering eBay’s close
relationship with PayPal, you’d have been completely obliterated if you used both
services.
7. 1
Avoid using the same password for two or more services at all costs. No matter what you
have to do to make sure you remember all of those passwords, do it and do it now.
Use Different Passwords For Different Services
Hint – Use a Single Sign-On service
8. 2 Create Strong And Complicated Passwords
Don’t follow eBay’s advice when changing your password. It’s not going to save you from
even the simplest dictionary attack. Learn how to create strong passwords.
9. 3 Find Out How Companies Store Your Data
Don’t rely on something just because it has encryption. Try to understand how the company
providing services to you stores its passwords and how it manages encryption and
decryption keys.
11. Use Multi-Factor Authentication
Your employees need multi-factor authentication. Your entire data infrastructure is as strong
as its weakest database. The more ways to authenticate you introduce, the better off you’ll be
when someone tries to bypass a password.
12. Schedule Regular Audits
Do you audit your application usage? If you don’t, you have nothing to compare when a hacker
happens to breach an account in your company.
13. Don’t wait until a breach happens to tell everyone to reset their passwords. Remind your
employees and customers to regularly reset their passwords.
With staff that has access to sensitive information it should be done on a daily basis .
Implement Strict Password Policies
14. eBay went out of its way in its statement to say that its “financial information is encrypted”.
Right. So, what about the rest? Don’t be that company.
Encrypt All The Financial And Personal Data
15. Stay Alert
Don’t take three months to detect a threat, especially one that’s already gaining control of your
database. Look for the signs of a breach. Check login times and see if something doesn’t add up
with what your provider is giving you.
16. Take a Few Precautions and Stay Protected From
Security Breaches
17. To understand the presentation in depth read the following article –
eBay’s Big “Whoops”: What Others Can Learn From It
If you have any queries or feedback, send an email to contact@perfectcloud.io