People are waking up today to news of another data breach affecting a major company. This time it’s EBay and if you’re an eBay customer you need to take action right away.
We don’t have full details but here’s what we do know from EBay’s announcement. Sometime between late February and early March 2014, attackers were able to compromise eBay employee accounts. These attackers were then able to leverage those accounts to access an eBay database that contained customer information. Specifically:
|
|
Right now, eBay is saying that they have no evidence of fraudulent activity. And eBay is saying that this data breach does NOT affect PayPal accounts: according to them those are stored on separate systems.
If you’re an eBay customer, what this means first and foremost is that you should change your password right away. With the ongoing spate of data breaches like this, it’s all the more important to try and use unique passwords for each site. This is where a password manager tool like Trend Micro’s DirectPass can help.
Beyond changing your password, this incident shows again why you may want to look into real time identity theft monitoring as well. Unlike other data breaches we’ve seen, this one includes physical address, telephone number and date of birth, all of which can make it easier for criminals to steal your identity. Just changing your password won’t protect you against this threat.
At the start of 2014, Raimund Genes, our Chief Technology Officer predicted one major data breach each month. Between this, the Target and Nieman Marcus data breaches, that prediction is looking accurate, sadly.
For another view on this situation, see Rik Ferguson’s over at his Countermeasures blog where he outlines five questions for eBay that can apply to any vendor.
Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.
