eBay made a statement this week about the website’s hacking incident, encouraging users to change their passwords as soon as possible. Studies have shown that few individuals have changed their passwords as a result of eBay’s announcement earlier this week, despite eBay’s insistence as of Wednesday that users be diligent about doing so.
eBay says that the company detected its website had been hacked approximately two weeks ago, sometime during February-March, and set about investigating the cause and extent of the hack. “After conducting extensive tests on its networks, the company said it’s no evidence of the compromise resulting in unauthorized activity for eBay users and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice, and will help enhance security for eBay users,” the company responded at its Wednesday announcement. What eBay uncovered in the company’s two-week investigation is that a few “employee login credentials” were stolen by cyberattackers who then used them to penetrate eBay’s corporate website.
There is a possibility, as always, that no eBay user credit card account information was stolen in the two-month-old eBay hack incident, but there are some reasons why you should be worried about what happened. While the event happened two months ago, there may be ongoing, far-reaching consequences of the eBay hack that make it more serious than you may think.
eBay hack incident could result in the release of private user data
This is nothing new: in all hack events, there is always the possibility that personal information could be stolen (such as address, date of birth, credit card number, account number, telephone number, etc.). Even in the recent Target network breach, the same risk was associated with the event. What this means for users is that any eBay user – even someone who never uses eBay but owns an account – is at risk of identity fraud in the future. Identity theft occurs when individuals use whatever personal information they have that belongs to someone else for personal gain. Usually, hackers use personal information for financial reasons, obtaining credit cards, houses, land, and other possessions by living off of the supposed financial information of someone else. At the same time, hackers could also use your information across the World Wide Web to purchase anything.
In short, the ramifications of the eBay breach could be felt for years to come – both on the Web and in brick and mortal retail stores. Some eBay user may find that he or she is denied a car, home, or even a credit card in the future because of the eBay breach. You can always change your password, but you can’t change your permanent personal information. There’s no telling how deep and far the eBay breach will affect us all.
eBay hack incident may render security measures useless
Remember when you created an eBay account for the first time? You’re always prompted to provide a username and password, but then you’re also given security measures such as personal identity questions that only you would know the answers to. One such security question given by carriers and a number of online retail sites is, “What is the last name of your best friend?” Asking for the first name of your best friend is tricky business – considering that your best friend may have a common name (say, John, for example,) that could easily allow someone to hack into your account. Asking for the last name is a far stronger security measure because, while some last names are common, there are quite a few that are longer than first names are (usually).
Now, let’s approach the eBay hack event. If certain pieces of information are required in order to establish the security of your account, and hackers gain access to your account because of the data breach, what happens to all your account security measures? They go up in flames! The special security answers you enter to gain access are in the hands of the very same group (hackers) for which the security measures were meant to protect you. The hack event renders the security measures useless if hackers already have access. Even if the hacker never knew your city of birth, for example, he knows it now.
eBay is responsible for allowing this to happen, and the company should’ve encrypted its websites and user accounts. Unfortunately, the company’s neglect will lead to some terrible consequences for users who have been part of the eBay family for some time. Hackers don’t just grab data for themselves; in many cases, they sell it on the “black market” in order to make a profit. And this brings us to the most tragic consequence of all with the eBay hacking incident: your personal information could become the property of many individuals beyond the original hacker(s). eBay may be able to encrypt its site and user accounts from here on out, but the damage is done.
Some people, however, see the eBay hack, iCloud hacks, and even the recent HeartBleed vulnerability as events to be expected in a world where bugs and loopholes are found in software every day. Humans aren’t perfect, and neither are operating systems – or the World Wide Web. It is healthy to change your login information in situations such as these, but how difficult would it be if everyone changed their passwords at every site because of the latest bug, loophole, flaw, or vulnerability? Some consumers have only a few usernames and passwords, but there are many who have multiple. For those individuals, hearing of these things is tragic – but it is, nonetheless, a reminder that the World Wide Web is, ultimately, unconcerned with user data protection. No login page, security answer, or even data encryption will change that.