What is scarier: an attacker with access to your eBay account, or an attacker with knowledge of your home address, phone number, and date of birth? I’ll give you a hint–nobody really cares about your eBay account, but the other information can be used for social engineering.
eBay revealed that it was the victim of a massive data breach that resulted in the compromised of encrypted passwords, names, addresses, phone numbers, email addresses, and dates of birth. There is a lot of attention being paid to the passwords, but the more valuable data is all of the unencrypted personal information the attackers now possess.
Here is an excerpt from my PCWorld article on this:
You’ve probably heard by now that eBay is the latest victim of a massive data breach. The popular online auction site has asked users to reset their passwords as a precautionary measure, but the data that matters most is already compromised, and there is nothing you can do to “reset” it.
Details are still sketchy—sort of standard operating procedure for data breach incidents. What we know is that the breach occurred between February and early March, but was just recently discovered. eBay claims that email addresses, encrypted passwords, names, addresses, telephone numbers, and user’s birth dates were compromised.
Because the passwords were encrypted, there is no immediate risk, but it’s only a matter of time before attackers are able to decrypt them. It definitely makes sense for eBay users to change their passwords. It’s also worth reiterating standard password security practices like making sure you use a strong password, don’t use the same one for multiple sites or services, and change them periodically.
But your eBay password may be the least valuable piece of information from the data that was compromised…
You can read the complete PCWorld article here: eBay hack could result in social engineering schemes.