SUBTITLE: Security news
ACTIONS: Change your passwords
Online auction mega-site eBay recently disclosed a major data breach from earlier this year that exposed personal information of an unknown number of users. While the scale of the breach is a bit fuzzy, the fact that the attackers had almost unrestricted access to the company corporate network for an extended period is very worrisome. eBay maintains that financial data was not accessed, but personal information including physical addresses and date of birth was in the database that was compromised. While there are no details on the method of data protection, standard best practice in these cases is to assume that the bad guys will be able to read that data soon.
eBay promised to send out email notifications recommending a password reset to all users. Mytech encourages anyone who has used eBay in the past to immediately go to the site and change their password as soon as possible, using a strong and unique password. We also advise changing passwords for PayPal if you have an account there as well. If you do receive an email from eBay, please ensure that the email is a sending you to a legitimate domain (should be ebay.com) and not a fake address meant to trick you (like e.b-ay.c.om).
As always, Mytech encourages all internet users to never re-use a password from one site to another. A common threat from these data breach events is for an attacker to "crack" a password associated with an email address, and then immediately try that password and email combination on a number of banking, credit card, and email sites. This can cause you a lot of frustration and occasionally lead to identity theft or financial loss.
If you're concerned about your online safety please contact Mytech Partners, Inc. for more information.
eBay inc Blog Entry