eBay's Big "Whoops": What Others Can Learn From It

The word “eBay” needs no introduction. It’s a household brand, and a very successful one at that. The company made $16 million in gross revenue in 2013, netting about $2.8 million. In a highly embarrassing series of events, the company that also owns and operates PayPal had to stand (digitally) before its users and announce that it had been hacked.

Published in: Technology
  • I enjoyed your slides and blogged on this topic this week with less focus on customers and more on how IT organizations can clean up privileged account management http://blog.avatier.com/ebay-privileged-account-management-auction/


  1. What YOU Can Learn From eBay’s Security Breach. Read On PerfectCloud Blog
  2. WHAT HAPPENED EXACTLY?
  3. The Security Breach: Between late February and early March, a still-unidentified hacker managed to breach eBay’s database, revealing passwords and personal information of customers and employees. It wasn’t until May that they recognized the breach. So, for roughly three months, every single account on eBay was as vulnerable as a gazelle in the middle of a large grassy field!
  4. How Did eBay Respond To This? eBay released a statement assuring that users’ financial data had not been compromised, since this is stored in encrypted format on a separate repository. What about the passwords then?
  5. How To Avoid Such an Instance at Your Company?
  6. As an individual, it’s important to protect your identity from such breaches. Make strong and complicated passwords to make it really difficult for the hackers to decrypt them. What if eBay’s financial database had been compromised? Considering eBay’s close relationship with PayPal, you’d have been completely obliterated if you used both services.
  7. 1. Use Different Passwords For Different Services: Avoid using the same password for two or more services at all costs. No matter what you have to do to make sure you remember all of those passwords, do it and do it now. Hint: use a Single Sign-On service.
  8. 2. Create Strong And Complicated Passwords: Don’t follow eBay’s advice when changing your password. It’s not going to save you from even the simplest dictionary attack. Learn how to create strong passwords.
  9. 3. Find Out How Companies Store Your Data: Don’t rely on something just because it has encryption. Try to understand how the company providing services to you stores its passwords and how it manages encryption and decryption keys.
  10. Lessons Companies Can Learn From eBay’s Slip-Up
  11. Use Multi-Factor Authentication: Your employees need multi-factor authentication. Your entire data infrastructure is as strong as its weakest database. The more ways to authenticate you introduce, the better off you’ll be when someone tries to bypass a password.
  12. Schedule Regular Audits: Do you audit your application usage? If you don’t, you have nothing to compare against when a hacker happens to breach an account in your company.
  13. Implement Strict Password Policies: Don’t wait until a breach happens to tell everyone to reset their passwords. Remind your employees and customers to regularly reset their passwords. For staff who have access to sensitive information, it should be done on a daily basis.
  14. Encrypt All The Financial And Personal Data: eBay went out of its way in its statement to say that its “financial information is encrypted”. Right. So, what about the rest? Don’t be that company.
  15. Stay Alert: Don’t take three months to detect a threat, especially one that’s already gaining control of your database. Look for the signs of a breach. Check login times and see if something doesn’t add up with what your provider is giving you.
  16. Take a Few Precautions and Stay Protected From Security Breaches
  17. To understand the presentation in depth, read the following article: eBay’s Big “Whoops”: What Others Can Learn From It. If you have any queries or feedback, send an email to contact@perfectcloud.io
