Practical tips on avoiding being the next victim
5. Basic data kept on websites can be used to steal identities
Though financial information was not stolen in the breach, there is still the danger of identity fraud. Hugh Boyes, of the Institute of Engineering and Technology, says: "As an occasional eBay user, I am concerned that not only have they lost my email, username and password, but according to their website the loss includes home address, phone number and date of birth. The only item they are missing is mother’s maiden name and they have sufficient information to impersonate an individual when dealing with many financial organisations."
6. End users remain the weak spot in defending against data breaches
While companies can build robust defence systems, they still need to be mindful of their employees and their customers providing an opening for hackers. Gaurav Banga, co-founder and CEO at Bromium, says: "The fact that an eBay database containing highly sensitive user information was compromised through employee log-in credentials demonstrates that end users continue to be the weakest link in the chain and the most valuable to be attacked."
7. Attacks are being picked up weeks after the event
A report by the security arm of Verizon revealed that companies are still less likely to discover breaches than law enforcement or third parties, creating an inevitable lag in detection. David Robinson, chief security officer at Fujitsu UK & Ireland, said: "The fact that this breach was able to go unnoticed for a number of weeks is testament to the fact that companies need to be doing more as the cyber-criminal industry continues to evolve."
8. It may be time to ditch the password
Some banks have already moved to authentication involving card-readers, and other industries would be well advised to join them. Richard Parris, CEO and founder of Intercede, said: "All businesses, including eBay, need to wake up to these risks and adopt stronger authentication for both employees and users of their services or sites. The answer lies in two-factor authentication – something you have and something you know. It’s now time for businesses and society to wake up to the fact that passwords are dead and we need a more secure alternative."