Mimecast Logo
Get Started
Get a Quote
    Cyber Resilience Insights
    All Topics
    Email Security
    Web Security
    Security Awareness Training
    Brand Protection
    Archive and Data Protection
    Threat Intelligence
    Web Security

    eBay - A Trophy Hack?

    by Mimecast Contributing Writer

    The news over the last week confirmed that eBay has been hacked. Media comments suggest that upwards of 145 million users have had their account details, including passwords and personal information, stolen.

    According to reports, the story started when a bizarre blog post appeared on PayPal’s website that indicated eBay was asking users to change their passwords. The post was quickly deleted, but not before it had been retweeted dozens of times. The cat was out of the bag and eBay started making the headlines.

    What we know

    eBay has been hacked! If this isn’t alarming enough, consider that eBay’s user-base is huge and the data that appears to have been stolen contains more than just usernames and passwords. eBay is obviously worried that the breached database contains personal information as well as encrypted passwords.

    What we don’t yet know

    So far eBay has been reasonably tight lipped about the breach. But there are some significant unanswered questions that it needs to address quickly:

    • How much data was stolen, and how easy would it be for the attackers to use that data?
    • How was the data encrypted?
    • How were the passwords encrypted? How strong was the hash function and were the passwords salted too?

    The trophy hack

    eBay is one the world’s largest websites and given the nature of its business need to retain a significant amount of personal information about its users. In terms of a target for attackers, eBay is a holy grail and a trophy, because a compromise of its databases would be the one-stop-shop attackers need to gain personal and financial information.

    What you should do now

    The advice in the event of hacks like this is always the same. Change your password. Consider also changing your PayPal password in this case.  Although PayPal appears not to have been affected, I’m betting lots of people use the same password for PayPal as they do for eBay.

    Then consider which other sites you may have used that password on. This is yet more proof if you need it why you must never share passwords across websites, but despite the common sense of this many people still do it. Also change and rotate your passwords regularly.

    Better still, use a password tool like LastPass (other password tools are available) which will generate a long and complex password for you, then remember the site and password for you.

    I’m waiting to see how this incident pans out and I’m expecting we’ll learn a lot from it. I’ll provide more analysis on this blog shortly.

    cyber-resilience-news.png
    Up Next
    Web Security |
    Cyber Resilience News April 3, 2018

    Related Articles

    Web Security
    Microsoft OneDrive Security
    Web Security
    New approaches to fighting ransomware are emerging
    Web Security
    How microservices are opening the door for macro threats

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top