INDIANAPOLIS (WISH) — eBay is the latest company to fall victim to a cyber-attack. The company is asking all users to change their passwords.
They say the attack compromised a company database that contains names, passwords, email addresses, home addresses, phone numbers, even dates of birth.
eBay says there is no evidence financial information was shared, but experts say that doesn’t mean anyone should take this one, lightly.
“Any type of a breach, especially when companies start telling the media, is not trivial,” said Dr. Marcus Rogers, the Director of the Cyber Forensics & Security Program in the College of Technology at Purdue University. “Businesses have the attitude, they leak a little bit out at a time, so we don’t really know how big the eBay breach is at this point. Like with the Target breach, they tried to downplay it at the start, but it turned out to be twice as big as it actually was.”
Rook Security in downtown Indianapolis monitors online security for companies across the world. They say this should be an alert to users, not just to change their eBay passwords, but any password that matches that one.
“The concern is, people reuse passwords. If they’re able to crack that database, or find that specific password, they could probably apply that to other resources this user has… like bank information, a Pay Pal account,” said Tom Gorup, Security Operations Manager with Rook Security.
“Their ultimate goal is not to get your eBay password,” added Rogers. “What they want to do is see if that can be linked to anything financial.”
Gorup recommends also watching for emails, texts or calls, claiming to ask for eBay passwords or email. He says it could be just another way hackers are looking to get that inside information.
“There will be phishing emails coming out in the immediate future, trying to coerce users to click on links, enter in email and password for eBay, thus giving up that information,” added Gorup.
Rogers says he believes this is a targeted, organized crime. He predicts it will get worse, before it gets better (we will see more attacks in the coming year), because many companies have outdated security technology because it’s not required that they have anything more.
Rogers also says the fact that companies can wait to tell the public about a breach is dangerous. He says eBay waited two and a half months to tell the public.