eBay hack could result in social engineering schemes


What is scarier: an attacker with access to your eBay account, or an attacker with knowledge of your home address, phone number, and date of birth? I’ll give you a hint–nobody really cares about your eBay account, but the other information can be used for social engineering.

eBay revealed that it was the victim of a massive data breach that resulted in the compromised of encrypted passwords, names, addresses, phone numbers, email addresses, and dates of birth. There is a lot of attention being paid to the passwords, but the more valuable data is all of the unencrypted personal information the attackers now possess.

Here is an excerpt from my PCWorld article on this:

You’ve probably heard by now that eBay is the latest victim of a massive data breach. The popular online auction site has asked users to reset their passwords as a precautionary measure, but the data that matters most is already compromised, and there is nothing you can do to “reset” it.

Details are still sketchy—sort of standard operating procedure for data breach incidents. What we know is that the breach occurred between February and early March, but was just recently discovered. eBay claims that email addresses, encrypted passwords, names, addresses, telephone numbers, and user’s birth dates were compromised.

Because the passwords were encrypted, there is no immediate risk, but it’s only a matter of time before attackers are able to decrypt them. It definitely makes sense for eBay users to change their passwords. It’s also worth reiterating standard password security practices like making sure you use a strong password, don’t use the same one for multiple sites or services, and change them periodically.

But your eBay password may be the least valuable piece of information from the data that was compromised…

You can read the complete PCWorld article here: eBay hack could result in social engineering schemes.


About Author

I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 2 dogs, 5 cats, 1 rabbit, 2 ferrets, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.

Comments are closed.