eBay Object Lesson: Make Passwords Tough, Change Frequently, Repeat


It’s bad enough that the eBay hack compromised a database containing millions of encrypted passwords and other data. But, as can happen with such events, the damage has the potential to spiral.

eBay owns PayPal. PayPal’s network was uncompromised. If the hackers succeed in decrypting eBay’s customer passwords, they may be able to gain access to PayPal customer accounts if user passwords are the same for both. Regrettably, many people repeat passwords for multiple online accounts; that’s even more likely when there is an association like that between eBay and PayPal.

It’s the simple things like not changing passwords that can get you into trouble. Passwords are also easy to forget. Enabling two-step verification where available makes the sign-on process safer but even more cumbersome, and people aren’t inclined to add steps.

But consider the origin of the eBay breach: the attackers gained access to the corporate network by compromising some employees’ login credentials. That’s not to say the employees were not following best practices, just that you can never let down your guard.

“As consumers become more concerned about the security of their personal information, it puts pressure on every business to work closely with their information security partners to protect critical data,” said David Kidd, Director of Quality Assurance and Compliance for Peak 10.

The attack went on from late February to early March but was not detected until early May. You know that all the while the hackers have been toiling to crack the encryption. If you are like many people who use only one password, now would be a good time, as in immediately, to change your ways, as well as your passwords.

For those of us who don’t have a knack for remembering lists of facts and figures, password manager software can help keep track of your different sign-in credentials.

Consider this a public service announcement from the nasty people who brought you the Target breach and the IRS, University of Maryland, Valley View Hospital, Snapchat and AIG data breaches. All but Target happened in the first quarter of 2014.

