Mumbai, India, May 23, 2014: A few hours ago, eBay announced that it has been hacked and has been requesting users to change their passwords. Cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network, the company said.
According to eBay, the database which was compromised between late February and early March, included customer’s name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information.
Even though this hack was perpetrated almost two months ago, suspicious activity related to the compromised employee log-in credentials was first detected just a couple of weeks ago. However, it is to be noted that eBay did not find any evidence pertaining to the compromise of the financial database which contains information related to personal or financial details of PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.
eBay has also mentioned that there has been no indication of increased fraudulent account activity on eBay.
For past few months, online retailers have been attacked consistently. This time however, the attack was perpetrated on eBay which has one of the most secured networks. But as usual, it is the human who is the weakest link. The same was observed a few years ago during the attack on RSA.
It simply does not matter how much precautions you take or how much you have invested in securing your networks. It all boils down to the person who is using the computer. How much have you, as an organization educated your employees in detecting spear phishing mails or fake websites or as a matter fact, about the basics of IT security?
In today’s world, corporate/network security is not just limited to devices and security experts. It is about each and every employee who has access to the resources of the organization. Unless and until, organizations realize the importance of the IT security awareness amongst employees, we will always observe a Goliath falling down.
eScan shares few best practices to prevent being a victim of such attacks:
- Make sure to change your account passwords at regular intervals.
- Deploy a Password Manager as they try to solve that problem by helping you generate random passwords for each account.
- Create unique passwords: Each website should have its own unique password. Password should be at least eight characters long. It should contain uppercase and lowercase letters numbers and special characters.
- Enable dual-factor authentication: (Gmail is one service that does so) In addition to a password, the service requests for another identifying information, such as a code that’s been sent to you.
- Ensure that the Anti-Virus and Anti-malware programs in your computer are regularly updated.
- Download and install updates and patches for your operating systems, applications and browsers regularly.