28 May 2014
Description entered. Item listed. It’s so easy to find something of value online – antiques, memorabilia, sensitive user data. There are a number of websites cybercriminals can use to list and sell stolen data, which is – more often than not – highly sensitive and incredibly valuable to those who know how to use it.
In the light of eBay’s recent security breach, which the company took weeks to inform users about, I’d advise businesses to reconsider where their weaknesses lie. Whilst you might have the basics in place – and even then I’d argue you’re one of the minority, as many ecommerce sites still don’t want to invest in dedicated firewalls – security threats can be internal too.
eBay have said that cybercriminals were able to compromise employee login details, so this was their point of weakness. Putting good technology in place is a positive first step, but what about training your employees and giving them the right tools to defend themselves and the business? Invariably, if you’re an online business these days, it’s likely you’ll come under some sort of attack. Could we better prepare ourselves to react to this as we do with, say, office fire drills?
Personally, I think if you’re a big online ecommerce platform like eBay, you have a moral obligation to put your hands up, admit to mistakes, and allow customers to make the necessary changes as soon as possible. I’m disappointed to hear how long it took them to alert their customers and whilst I understand that they wanted to investigate the issue, people will have been targeted during that time. Financial details might not have been leaked but what about identity theft and banking scams? There are some incredibly sophisticated hackers out there and they’re a force to be reckoned with.
If you use eBay and you’ve not changed your password, I’d advise you to take that precaution. And if you use the same password across multiple sites, it’s imperative that you change it on all of them. If hackers get hold of one set of information, they will try it out on other accounts to see whether they can break into those too. The best way to prevent this is by having different passwords for different accounts.
I hope that, over time, we’ll see more hackers turning their hand to helping others with the skills they have. Yesterday I read that a former member of Anonymous had helped the FBI to prevent cyber attacks after being arrested in 2011 (which reminds me a bit of the film ‘Catch Me If You Can’). Whilst it might have taken an arrest for him to start using his knowledge to make a positive difference, I believe that everyone deserves a second chance and he is making up for his past misdemeanors. We’re all capable of doing good things; sometimes we just need a little help to realize it.