Another day, another giant of e-commerce hacked. Today, eBay announced that at some point in February or March, their corporate network was compromised, and the hack, discovered ‘about 2 or 3 weeks ago’ has opened up the potential for users’ personal information to be exploited.
Ebay made it very clear that the data for which unathorized access was obtained was of a non-financial nature, but did contain encrypted passwords. And according to The Street, the information made available is “eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.”
According to the San Jose based eBay, all users should immediately change their passwords to protect their online identities. Given the fact that many internet users maintain the same password across various websites, hackers may be able to open a veritable wormhole of cyberthieving activity by using bots to run the stolen PW’s across other login pages such as banks.
Anybody who knows anything about identity theft can tell you that with just those small pieces of information, hackers can also find ways to take over your bank account, print their own debit cards using your financial information, secure a home mortgage loan, steal your IRS refund check, apply for a line of credit, request a birth certificate, and many other nefarious activities.
According to Wikipedia, EBAY is a multi-billion dollar business with geospecific versions in over 30 countries around the world.
That massive amount of data, operating in concert with their giant networks of servers in cloud and terrestrial storage, the many people they must employ and fire, and the great number of operators standing by to field phone calls within the company, all indicate that penetration testing would probably show they are vulnerable to attack from many different angles.
Keep in mind that the data breach which caused the Target corporation to be hacked for millions of credit card swipes was initiated through illegal access to a heating and ventilation server.
With the “Internet of Things” connecting so many corporate assets to sensors, each other, and the web, we will no doubt continue to see exploits perpetrated through a combination of breaking and entering, social engineering, and good old fashioned remote port control.
People of the world, surf smart, surf safe, and protect yourself by following best practices of protected online identity.