Keep Our Service Free-Donate

Saturday, May 24, 2014

eBay Joins Long List of Hacked Accounts


 

Poor Man Survival

Self Reliance tools for independent minded people…


 

ISSN 2161-5543

 


Worried about Identity Theft, hacked accounts, loss of privacy?  Thank the un-Patriot Act which forces everyone to share their Social Security Numbers for everything from non-credit accounts to going to school, compromising our privacy and security or as many call it, the Mark of the Beast.

 

eBay Joins Long List of Hacked Customer Accounts

  We’ve all heard about breaches of customer security at Target and other businesses over the past two years.  The Poor Man has warned repeatedly that no account is secure and indeed has had his own account hacked recently.

The impact of the un-Patriot Act has been to sabotage privacy in America forcing even pre-paid debit card issuers to force customers into sharing their Social Security Number, which has been proven as the number one cause of Identity Theft, the fastest growing area of crime in the United States.

The following is an excerpt from EcommerceBytes:

Cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network. The attackers gained access to users' encrypted passwords and sensitive information, the type that could be used in phishing or social engineering attacks, but they did not access users' financial data.

eBay said it had no evidence of unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.

Hackers did gain unauthorized access to a database of eBay users that included customer name, email address, physical address, phone number and date of birth along with their encrypted password. However the file did not contain social security, taxpayer identification or national identification information, the company said.

eBay advised users to change their passwords as a best practice.

PayPal said it was not impacted by the attack - PayPal spokesperson Jennifer Hakes told EcommerceBytes that extensive forensic research showed no evidence of unauthorized access or compromise to personal or financial information for PayPal customers. "PayPal customer and financial data is encrypted and stored separately, and PayPal never shares financial information with merchants, including eBay. PayPal account holders should consider changing their passwords only if their credentials are the same as those they use for eBay."

Impact on Auction Sellers
Aside from the fact that shoppers may temporarily become wary of using eBay, there's a more immediate concern for sellers, especially those conducting auctions. In an email sent on Thursday morning, eBay seller
PWCCAuctions.com wrote:

"Though the effects of this breach may be superficial, eBay is choosing a conservative tact, forcing all members to update their current password. In the coming days, eBay will be sending emails to all users; once received, your account will be frozen until the password is updated.

"It is important to note that while your account is frozen, all snipe bids connected to that eBay account WILL NOT be placed. Once the eBay password-change email is received, we recommend following the prompts and then quickly going to your preferred snipe website to re-connect your account with eBay.

"We encourage folks to watch their eBay email closely and to respond with an updated password promptly (on both eBay and your preferred snipe website) to avoid inadvertently losing out on items."

In an eBay FAQ about the incident, "Do I need to take any specific action as a seller?" eBay states:

"To protect buyers and sellers, we are asking all eBay customers to change their password the next time they log into their eBay account. No activity can occur on your account until you change your password. You can change your password at www.ebay.com/reset the next time you log on to eBay.com."

And it wrote, "It means that you will not be able to make a purchase or create new listings until you have changed your password. You can change your password at www.ebay.com/reset now or the next time you log on to eBay.com. The same will be true for all other buyers and sellers on the marketplace."

Risk of Identity Theft
Experts are advising eBay users to be extremely wary of emails appearing to come from the company but actually originating from fraudsters, known as phishing emails. eBay compounds this problem by how it has historically communicated with users. For example, regular emails eBay sends to the author contains a message at the top, "eBay sent this message to Ina Steiner (user name). Your registered name is included to show this message originated from eBay."


Now that cyber criminals have accessed eBay's database that contained their names and email addresses, it will be easier to trick users into thinking the emails are genuine and containing links to spoof websites that ask them to log in, thus capturing their passwords.

How It Happened
How and when did it happen? eBay said the cyber attackers compromised a small number of employee log-in credentials between late February and early March, allowing unauthorized access to eBay's corporate network.


eBay first detected the compromise about two weeks ago. Why did it take the company so long to inform users? eBay did not respond to any of our inquiries throughout the day, including emails and phone messages.

On an FAQs page, it wrote, "eBay has a responsibility to fully understand the facts which required a full investigation. As soon as we knew what had happened and determined the best course of action, we acted immediately to disclose. We have seen no spike in fraudulent activity on the site."

EcommerceBytes interviewed former PayPal employee Liron Damri, now COO at Forter, who is an expert in identifying account takeovers. We asked Damri why he though eBay waited 2 weeks before letting users know about the attack.

"In order to minimize the impact of such an event, one needs to identify the hackers to prevent them from striking again," he said. "During those two weeks, eBay had the time to better analyze and identify the suspicious activities, making it harder for the hackers to act on behalf of the account owners. By doing so, they are now able to assure that no password is being changed by the fraudsters themselves."

What can he deduced about the breach and how did he think employees' credentials might have been stolen?

"While we know very little details from the official announcement, we can say that PayPal employees are generally early adapters who trust the web way more than the average user," Damri said. "The more you share online, the greater your chances of being a victim of fraud."

Find privacy protection resources here:


 


Ultimate Guide to Low Profile Living: 253 Cutting Edge Strategies to Reclaim Privacy


 

The solutions to surviving the war on the Middle Class can be found in our new e-book.

 Discover life-saving ways in which you can survive and prosper during The End of the Monetary System As We Know It. This is the information that your financial advisor, your doctor, your police precinct and your government hope you never discover…plus learn how food is your best investment!


 


No comments: