
Cybersecurity News, Advice and Opinion

Millions Of eBayers Urged To Change Passwords

Posted by Jo on May 22, 2014 11:41:00 AM


The cyber-attack on eBay is the world’s biggest online security breach, with passwords, names, addresses and phone numbers of the company’s 145 million users stolen by hackers.

An official news release by eBay Inc. on May 21st stated: ‘eBay Inc… will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data.’

The statement follows the news that eBay’s database, which included customer usernames, email addresses, physical addresses, phone numbers and dates of birth, as well as encrypted passwords, was compromised sometime between February and March. The company stress that the database did not contain financial information and that PayPal, owned by eBay Inc., has not been affected.

‘The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.’

eBay have been severely criticised for their handling of customer data, with the main question being why all personal data stored in the database was not encrypted. The company have also been criticised for their handling of the breach. They have neglected to alert users directly by email that their credentials and personal information have been compromised, and have failed to provide easy-access links to change passwords on their website.

The breach, which was detected two weeks ago, occurred after ‘Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network’, according to the statement. It’s certainly not the first time that companies have suffered security breaches or major embarrassment because of poor password policies. A few examples: Dropbox, who suffered a data breach after an employee’s credentials were stolen and used to access documents containing user email addresses; Thomson Travel, who were duped out of $100,000 (£70,000) by an ex-employee; and Wyndham Hotels, whose weak admin passwords resulted in a lawsuit after 50,000 customers’ credit card details were compromised.

Employing good password practices is vital to keeping your online information safe, as well as protecting your business from a total PR nightmare. Firstly, it is strongly advised that you change your eBay password as soon as possible, and whilst doing so it might be worth changing your PayPal password too, along with that of any other account that uses the same credentials. However, before heading off to do so, it is imperative that you follow good password practices:

  1. Don’t use the same password on multiple sites.
  2. Create a strong, complex and unique password.

Using a password manager like my1login will not only help you implement strong, complex passwords for all online accounts; it also means those passwords can easily be changed if a specific account is hacked. It also removes the hassle of having to remember individual logins.

my1login allows you to use one super strong and unique password that grants you access to all of your accounts, without having to remember the individual logins. You can therefore create strong, complex passwords for all your accounts: for example, a typical password for your Gmail account could be “$~dY>zD9n_+J]SkMZoPlZhBZ3” and a typical password for your Facebook account could be “DCTt8B-4J#F$Hxssv7}3k)oax”. The length and entropy of these passwords make them extremely strong, and using different passwords for all your accounts means that should any remote site be compromised, no other account of yours would be compromised.

Using my1login also eliminates the need to rely on insecure practices such as writing passwords down or storing them in documents, spreadsheets or even on your phone. Passwords can also be securely shared using my1login, meaning you’ll never need to email a password or select a weak password simply because it’s easier to convey.

If you’d like to see how my1login can improve your online security and help protect you against hacks, try out the my1login password manager for free, or leave your email address and we’ll send you an information pack.


 

 
