The importance of monitoring your computer system and personal information simply cannot be overstated. In today's online environment, hackers hungry for users' account information and other sensitive details seem to be lurking around every corner. To keep these attackers at bay, companies must always have an eye on system and account activity, and be able to react quickly should anything suspicious arise.
eBay Breach: A Brief Overview
By now, nearly everyone—whether an eBay account holder or not—has heard about the data breach that exposed the personal information of an untold number of its 145 million members. According to BankInfoSecurity, the breach came in late February or early March 2014, after a small pool of employee logins were compromised. Accessing these credentials allowed hackers to infiltrate the company's corporate network.
Although cybercriminals were unable to reach customers' financial information, they did compromise a whole host of other details, including names, email and shipping addresses, phone numbers, and dates of birth. After discovering the security incident, the company urged its members to change their passwords immediately to prevent fraudulent activity on their accounts.
"eBay regrets any inconvenience or concern that this password reset may cause our customers," eBay noted in a public statement. "We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure, and trusted global marketplace."
Due to the gravity of the breach, the company soon came under investigation by public officials, who noted that clients trust brand retailers like eBay to protect their personal data when they do business with them. BankInfoSecurity reported that among those examining the details of the breach are attorneys general in Florida, Connecticut, Illinois, and New York. Additionally, officials in South Dakota and Iowa published their own notification statements to eBay clients in their states.
The purpose of the majority of these investigations is to determine if any security missteps were made by eBay, as well as what the company is doing to prevent future incidents like the breach.
"However, the most important step for consumers to take right now is to change their passwords and to choose strong, unique passwords that are not easily guessed," noted Connecticut Attorney General George Jepsen.
No Financial Information Breached, No Problem, Right?
While hackers were unable—or chose not—to compromise customers' financial information, this doesn't mean the breach was a harmless incident. Having access to members' names, addresses, birthdates, and other personal details can be just as dangerous as if cybercriminals breached their banking account information.
Forrester Research Security Analyst Tyler Shields noted that in the case of the eBay breach, hackers have enough sensitive details to commit fraud. This could include identity theft and a range of other deceptive activities.
"Lots of attack scenarios can be devices when you know the email address, home phone number, and home address for 145 million people," Shields pointed out.
This security episode shows the importance of monitoring a corporate system to ensure protection of client information. Although the breach occurred much earlier in the year, it wasn't discovered and made public until several months later. Had eBay had a more robust monitoring system in place, the company could have recognized the suspicious activity before it led to such a large-scale breach. For instance, had the firm noticed when the initial employee credentials were compromised, they could have reacted and prevented hackers from breaking into its corporate network and accessing client details.
To thwart hacker activities and avoid leaking sensitive business and customer information to cybercriminals, organizations must have an overarching security monitoring solution in place.