eBay Security Breach Delivers 10 Lessons for Enterprise IT Executives

By Don Reisinger  |  Posted 2014-05-22

Another day, another company that has disclosed that one of its main databases has been hacked and user information has been compromised. So far eBay hasn't divulged full details of the breach. Reportedly the attackers accessed about 145 million records. Now, the online auction company is urging its 128 million active users to change their passwords. The attackers were able to access everything from users' full names and addresses to email addresses. But eBay asserts that the compromised database didn't contain financial information, which the company encrypts anyway. The company also said PayPal users weren't impacted. The breach, which is just the latest in a long list of security issues that have affected large enterprises with large customer bases, should teach us a lot about security, or the general lack of it, across the Web. The massive Target breach in December showed what can happen when huge databases containing customer information are breached and the data stolen. Reports about eBay demonstrate, once again, how even a huge Internet business, which should know how to defend itself against sophisticated cyber-attacks, can be compromised. This eWEEK slide show highlights what we can learn from this latest attack.

  • Never Use the Same Password on Multiple Websites

    The same passwords shouldn't be used on multiple sites. Engaging in such an activity is almost as bad as having no password at all. In its May 21 letter to users, eBay urged customers to change all passwords across all the sites they use, and to never use the same password for two different services. Having unique passwords for every site might take more effort to manage, but it's a necessity in today's insecure world.
  • Don't Trust Any Company

    No company can be trusted. Although there was a thought at one time that smaller firms were most likely to be affected by security breaches, now it's clear that even the biggest companies in the world can get hit with major hacks. Therefore, it's incumbent upon users never to trust a company with their data.
  • Expect to Be Hacked

    It's sad to say, but today's Web users should expect to have their information stolen at some point in their lives. Considering hackers have been able to break into government data centers, retailer servers and, now, eBay, among many, many others, it's practically impossible for anyone to be safe from being hacked, no matter what they do.
  • Financial Information Tough to Grab

    There is perhaps a single bright spot in the eBay news: Getting credit card information isn't simple. Target was able to keep credit card data encrypted and supposedly safe from hackers, and the same is true for eBay. At this point, financial data security seems to be working, at least.
  • Companies Aren't Learning From Issues

    At what point will companies start to learn from the hacks that have affected so many other firms? It seems that there's a sense in the security community that just because one company was hacked, it won't happen to another. It's a false sense of security and it's causing breaches that are wreaking havoc on companies across the globe.
  • The Enterprise Is Not Doing Enough

    For enterprise IT decision-makers, all this news of data being hacked should be a wake-up call: You're not doing enough. While many IT decision-makers might believe that their corporate data is secure and they have nothing to fear, it's becoming increasingly apparent that believing that is a mistake. Assume you're not doing enough with security, IT professionals, and maybe you'll just get lucky and not get hacked.
  • Hackers Are Winning

    The malicious hackers targeting companies around the globe are winning. And it's about time someone said so. For too long, the security community has pretended that it can keep pace with malicious hackers. The truth is that it can't, and it won't, until it realizes that the hackers are better at what they do. We'll never be safe as long as the malicious hackers are outpacing those folks who are supposed to be protecting us.
  • Companies Don't See the Attacks Coming

    It's shocking to see that so few companies see attacks coming. Despite all the concerns with security and data breaches, firms aren't doing things as simple as monitoring database access or server queries. This is basic security that companies aren't doing because, first, they don't spend enough money on it or, second, they don't have the time to care. Following basic security policies might have stopped the eBay attack from happening.
  • They Don't React Swiftly to Them

    To make matters worse, once a flaw is exploited, companies are literally taking months to react. In fact, eBay admitted that the attacks occurred in late February and early March. Yet the company didn't discover them until two weeks ago, and it took an additional two weeks for the company to inform the public. That's embarrassing, and eBay has some serious explaining to do.
  • Answers Aren't Solutions

    The truth is that eBay's response to its data breach—change passwords and don't worry about your financial information—hardly inspires confidence. The same might be said for Target, which could only offer apologies and credit monitoring. The answers the affected companies are providing aren't solutions; they're Band-Aids. At what point will we all realize that the affected companies should be providing us with real solutions to the problems we face—and not simply handouts to make it all go away?
Don Reisinger is a freelance technology columnist. He started writing about technology for Ziff-Davis' Gearlog.com. Since then, he has written extremely popular columns for CNET.com, Computerworld, InformationWeek, and others. He has appeared numerous times on national television to share his expertise with viewers. You can follow his every move at http://twitter.com/donreisinger.
