You'll probably have heard rumblings in the news that eBay was recently the victim of a cyber-attack - the online auction giant was hacked and information relating to an estimated 145 million users has been compromised. Most of us are registered with the site, thus it's not surprising that concerns abound.
Here's a brief summary of what happened:
The attack
On 20 May, eBay officials revealed they had been targeted by cyber criminals. While the discovery was made in May, an investigation found the initial attack may have taken place as early as February. According to reports in Metro, it is thought the hackers managed to breach the log-in details belonging to several eBay staff in order to gain ac cess to the 'gold mine' of data held within its myriad systems.
What was taken?
The attack obtained user information such as dates of birth, names, email addresses, phone numbers, residential addresses and passwords. EBay says it has no evidence to suggest that financial information was accessed, nor that PayPal details w ere affected as data for this is stored separately. It adds that the passwords were encrypted, but should be changed regardless - especially if they are used on other websites.
The threat
Although no financial data was taken and it's unlikely that encrypted passwords can be deciphered, Telegraph technology reporter M atthew Sparkes says that the threat lies wherein personal information could be used 'to commit identity theft' or as a 'handy database for spammers' - victims could receive convincing, yet dangerous emails which could trick them into disclosing financial d etails or sending money. The emails could just as easily contain computer viruses that wipe a person's hard drive. However, if you change your eBay password and don't use it for any other site, then users should be safe.
How did eBay react?
EBay carried out an investigation to establish the extent of the damage and then told the world's media of the attack to give users the opportunity to take action - something that it wasn't actually obliged to do, PC Pro claims. Officials told BBC News that eBay was working hard to fix the issues and put further security measures in place, including an onsite password reset feature.
The backlash
Users have naturally reacted in different ways; some have considered eBay the real victims of the piece, while others have questioned their security provisions. Many have been angered by the fact they found out about the attack in the media and not from eBay in the first instance. However, Europol cybercrime expert, Paul Gillen insists that consumers should have sympathy for eBay and the people who are trying hard to rectify the breach, emphasising that they are not to blame. He feels that criticism in the media has been unfair.
How has eBay advised consumers to stay safe?
The message communicated in the press was that users should, first and foremost, change their passwords. This was emphasised in an open letter posted on eBay Inc from Devin Wenig, eBay Marketplaces president. He i nsisted that the company had security measures in place and that the password reset was a precautionary measure. The letter detailed several other steps the company was taking, which encompassed the addition of further protections and an ong oing investigation with security experts and the police.
What else can you do?
Naturally, people need to be aware and cautious about any emails that seem suspicious. Matthew Sparkes admits that while little can be done at this stage to recover any stolen information, users could check their credit rating - as any sudden drop could signify identity fraud. He also adds that users should change their password to one which is longer and potentially nonsensical. Deliberately misspelling words and using different symbols can fox the password-cracking programs that hackers employ. Exercising common sense is, naturally, a pre-requisite of using the internet in any shape or form.