Experts: eBay users should change all similar passwords

WISH Photo

INDIANAPOLIS (WISH) — eBay is the latest company to fall victim to a cyber-attack. The company is asking all users to change their passwords.

They say the attack compromised a company database that contains names, passwords, email addresses, home addresses, phone numbers, even dates of birth.

eBay says there is no evidence financial information was shared, but experts say that doesn’t mean anyone should take this one, lightly.

“Any type of a breach, especially when companies start telling the media, is not trivial,” said Dr. Marcus Rogers, the Director of the Cyber Forensics & Security Program in the College of Technology at Purdue University. “Businesses have the attitude, they leak a little bit out at a time, so we don’t really know how big the eBay breach is at this point. Like with the Target breach, they tried to downplay it at the start, but it turned out to be twice as big as it actually was.”

Rook Security in downtown Indianapolis monitors online security for companies across the world. They say this should be an alert to users, not just to change their eBay passwords, but any password that matches that one.

“The concern is, people reuse passwords. If they’re able to crack that database, or find that specific password, they could probably apply that to other resources this user has… like bank information, a Pay Pal account,” said Tom Gorup, Security Operations Manager with Rook Security.

“Their ultimate goal is not to get your eBay password,” added Rogers. “What they want to do is see if that can be linked to anything financial.”

Gorup recommends also watching for emails, texts or calls, claiming to ask for eBay passwords or email. He says it could be just another way hackers are looking to get that inside information.

“There will be phishing emails coming out in the immediate future, trying to coerce users to click on links, enter in email and password for eBay, thus giving up that information,” added Gorup.

Rogers says he believes this is a targeted, organized crime. He predicts it will get worse, before it gets better (we will see more attacks in the coming year), because many companies have outdated security technology because it’s not required that they have anything more.

Rogers also says the fact that companies can wait to tell the public about a breach is dangerous. He says eBay waited two and a half months to tell the public. provides commenting to allow for constructive discussion on the stories we cover. In order to comment here, you acknowledge you have read and agreed to our Terms of Service. Commenters who violate these terms, including use of vulgar language or racial slurs, will be banned. Please be respectful of the opinions of others and keep the conversation on topic and civil. If you see an inappropriate comment, please flag it for our moderators to review.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s