eBay hack puts identities of millions of customers at risk

22 May 2014

Security researchers have warned that identities of millions of eBay customers could be at risk after hackers stole personal data from company servers.

The auction site today called on all 145 million of its active users to change their passwords after it came to be known that hackers had managed to access the names, email and postal addresses, phone numbers and dates of birth. It was further feared that with those details hackers could gain access to users' other online accounts.

Online banking services accepted a date of birth and address as part of their secure log-in process, and telephone banking services often requested the same details to validate whom they were talking to. Malicious attackers would have a great time with those details.

The eBay hack did not extend to passwords stored in plain text, though encrypted passwords were stolen. The company did not offer any indication of the strength of the encryption.

However, as the attack took place between late February and early March, it was possible that the thieves had had time to extract customer details, according to David Emm, senior security researcher at Kaspersky Lab.

According to commentators, the hack came as security experts kept warning people that in an increasingly dicey web environment, consumers needed to take a more active role in protecting themselves.

Maintaining good password hygiene was a good example, as too many people used easy-to-crack passwords. Far too many also used the same passwords over and over again across different sites, which needed to be discouraged.

While it may be accepted that complex passwords are a hassle to remember, they also help restrict cyber criminals. Users need to have one unique, complex password for each online website they visit. Passwords should not be common words from the dictionary and should have a minimum of eight characters including letters, numbers, and symbols, according to Jim Brennan, director of strategy and product management with IBM Security.

According to cyber security experts, if it was not possible for users to follow the guidelines, they would do well to get a password management programme to do it for them.