The latest internet giant to have its security compromised is eBay. A database containing user information has been hacked, leaving potentially millions of people vulnerable. The revelation is clearly a considerable embarrassment for the world-leading online auction site and worse still, the hack may have happened around three months ago without anyone noticing.
eBay has millions of users around the world, both buying and selling goods. It is not clear how many have been affected but everyone who has an account needs to take action. The database that was hacked contained user passwords and other sensitive details.
No one knows yet which cyber-criminals compromised eBay’s system or if this problem is part of any other ongoing security issues. What is clear though, is that it has taken the company some considerable time to discover the weakness and admit it to customers.
Slow on the uptake
The eBay hack happened when an employee’s details were stolen. This employee’s details may have been acquired as part of another compromise, such as a key logger tracking the keypresses they made.
Many large organisations conduct frequent security audits of their networked systems. Everything from servers to networking connections is checked for potential vulnerabilities. This is commonly referred to as penetration testing.
It’s done with the help of tame hackers, known as penetration testers, who test networked systems with the permission of the chief security officer but don’t do anything illegal. To help the company, they will try every possible way of gaining access to the system. While they’re in there, they check to see if there are any issues already present.
This is probably how eBay eventually cottoned on to the problem in its system. Some unusual activity was detected around two weeks ago and, using various forensic tools, security workers tracked the compromise back to around February or March this year.
In my opinion, the company could have used network logs to track the login IP address of this unusual activity as well as keeping a record of ingoing and outgoing network traffic from the system.
It would soon have become apparent that someone had run the kind of database query eBay is now reporting: in effect, a large and unusual request for the personal details of a great many users. If, as could be the case, millions of accounts have been compromised, we have to wonder why eBay did not detect the problem sooner.
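As an added illustration of the log-based detection the article argues for (example code, not from the article or from eBay), the following Python flags two signals over database audit records: a single query reading an unusually large number of rows from a table of personal details, and an account querying from a source address it has never used before. The log format, the thresholds and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit-log lines in an assumed format (not real eBay logs).
SAMPLE_LOG = """\
2014-02-27T09:14:07Z user=jdoe src=10.0.40.17 table=users rows=1 stmt=SELECT
2014-02-27T09:20:31Z user=svc_reports src=10.0.12.4 table=users rows=250 stmt=SELECT
2014-02-28T10:02:40Z user=jdoe src=10.0.40.17 table=users rows=3 stmt=SELECT
2014-03-01T04:41:19Z user=jdoe src=203.0.113.9 table=users rows=850000 stmt=SELECT
2014-03-01T04:55:02Z user=jdoe src=203.0.113.9 table=users rows=910000 stmt=SELECT
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"table=(?P<table>\S+) rows=(?P<rows>\d+) stmt=(?P<stmt>\S+)$"
)

# Assumed policy: any single query returning more than this many rows from a
# table holding personal details is treated as a bulk-extraction candidate.
BULK_ROW_THRESHOLD = 10_000
PII_TABLES = {"users"}


def parse_log(text):
    """Turn raw audit lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["rows"] = int(ev["rows"])
            events.append(ev)
    return events


def detect_anomalies(events):
    """Return (timestamp, user, reason) tuples worth an analyst's attention.

    Events are assumed to be in time order, so the first address seen for an
    account becomes its baseline and later, different addresses are flagged.
    """
    seen_src = defaultdict(set)   # user -> source addresses seen so far
    alerts = []
    for ev in events:
        reasons = []
        if ev["table"] in PII_TABLES and ev["rows"] > BULK_ROW_THRESHOLD:
            reasons.append(f"bulk read of {ev['rows']} rows from {ev['table']}")
        if seen_src[ev["user"]] and ev["src"] not in seen_src[ev["user"]]:
            reasons.append(f"new source address {ev['src']} for {ev['user']}")
        seen_src[ev["user"]].add(ev["src"])
        alerts.extend((ev["ts"], ev["user"], r) for r in reasons)
    return alerts
```

Run over the sample, the two March queries from the unfamiliar address produce three alerts, while the small routine reads in February produce none.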
What to do now
If you are an eBay user you should be concerned about this hack. You could be one of the many people whose details could have been extracted. And if that’s the case, the hackers now have your name, home address and date of birth. You don’t have to be an expert these days to know that this information could now be passed on to other criminal organisations.
As an eBay user, I will change my password and keep a closer eye on any eBay activity or suspicious emails for some time. Even after you’ve changed your password, there is a chance that you may be phished by these cyber-criminals. You might get an email saying that you need to respond to a query about an item you are selling, the real purpose of which is to commit fraud.
While eBay says it can see no evidence of user accounts having been abused, and claims that financial details have not been compromised, it knows that this is now a major risk. Many accounts link to other personal details, and millions of financial transactions a day take place on this very popular site.
For eBay, there is a great deal of public relations work to be done. The company is going to need to explain to its customers, as well as to many media organisations, just how wide this data loss really is. That will include confirming whether all users have been affected or only a certain category is at risk. Since it has taken so long for the truth to come out, it’s best not to wait around for more information. Change your password now.
By Andrew Smith, The Open University
Andrew Smith does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.