Αρχική News in English Massive attack on eBay threatens 145 million users: Why it’s more serious...

Massive attack on eBay threatens 145 million users: Why it’s more serious than first thought

logo_ebayOn Wednesday, eBay asked all of its 145 million active users to change their passwords as it believed that intruders had managed to access its database. While ebay insists that its PayPal payment system and credit information is safe, the fact remains that even without loss of credit card information, this is serious breach.

As this piece on Mashable points, “intruders had access to a customer database that also included other personal information, including names, mailing addresses and dates of birth — data that can’t so easily be changed.”

This is what is potentially damaging, since all of this is data that is important, hackers can cause a lot of damage with access to this kind of information, including outside of eBay. More importantly some of this personal information is often used to keep the account secure in the first place. As the report notes, Many password-reset questions involve a birthday, phone number and physical address. At the very least, this sort of data would make it easy for criminals attempting to bypass security settings. It could also be used to aid identity-theft schemes.” The report also quotes security reporter Brian Krebs as saying it’s quite likely that the email addresses on this list will receive more spam.

The incident has also put the spotlight on eBay and the company is facing criticism for how it handled such information, since it was clearly not encrypted. According to this piece on Telegraph, “the incident has shone a spotlight once again on the amount of information held by internet companies. And it has caused yet further confusion about what exactly customers can do to protect themselves.”

The report quotes, Brendan Rizzo, technical director of Voltage Security, saying “Everything should be encrypted. But it would seem that eBay took very much a tick-box compliance approach to protecting users’ data.” Worryingly this stolen data is likely to get auctioned on underground marketplaces and websites.

Source: http://tech.firstpost.com