Last week eBay announced it has been subject to a sophisticated and high profile hack. Back in late February or early March, 233 million users personal details were stolen. Hackers used stolen eBay employee identities to gain access to servers that stored personal data of all their customers -unencrypted! They hit the jackpot, stealing data of the highest value. This included names, email and postal addresses, phone numbers and dates of birth.
What’s the next step to protect yourself and how worried should you be?
Let us not beat around the bush, although vital, changing your password is not going to make this go away. Although passwords were included in the haul, these were encrypted. So its unlikely they can be used to log in.
Phishing emails sent to you posing as legitimate contact from PayPal or eBay is the next step undertaken by hackers. They know your account and all your personal details to include. This just might trick unsuspecting targets to handing over passwords to accounts. It wouldn’t take too much digging to find out which websites your email address is associated with.
With the mass of personal details they do have, scammers can do much more. The main target is thought to be identity theft. They have all the info they need to pose as the victim. Making purchases, making credit applications and opening accounts with ease.
Conning A Con Artist
These are not small time opportunists we are dealing with. They are highly organised, experienced ‘artists’ that know exactly what to do with your data. eBay is not likely to have been the only target, maybe just the only one we know about yet. Its unlikely the hackers will use the data themselves, they will sell the data in small numbers. All for for a hefty fee of course.
Several websites have reported the data being sold on ‘dark’ web locations. However several of these have been proven to be fake. Samples posted as proof of the hack have been shown to be fake or old data. So its not just the average Joe being conned of a few bitcoins!
What Can I Do?
Almost nothing. The amount of data that has been breached is on such a level that it can’t be protected. This is not going to go away over night. But there are simple things you should follow.
Change your eBay and Paypal password. If you’re one of the 76% of people I see using the same password for everything, stop! It is not unusual of hackers to try your details at every site they can, and see what works.
Also Read The Official eBay Post Requesting A Password Reset
Your password should be protected like your debit card. The longer and complicated it is, the better it is for you. Strike a balance between “hard to crack” and “hard to remember”.
Make up your own abbreviations or misspellings. Mix numbers with letters, and don’t use any names or dates. If you struggle to remember passwords, consider using a password app or service such as 1 password 4.
Be extremely wary of any emails that arrive asking for your details or for you to click a link. Check the authenticity of everything. It might seem like an email from a perfectly legitimate e-commerce site. However you might not know that clicking on one such link might trigger the download of some malicious software to your computer in seconds.
Mail services offer robust phishing and spam protection these days. Make sure to turn on any spam email and virus protection from your provider. Popular mail services such as Gmail, Yahoo! Mail etc have this on by default. But things might still slip through. Whenever in doubt, check with whoever sent the email first.
Financial institutions have advised users to check credit ratings with services like Experian. Flag anything that doesn’t seem right, and keep an eye on it. Some credit organisations or banks will watch over it for you, it wont just be used on eBay. Unless you change your name and/or move, this data can be used for years to come. It may show up after the dust has settled and people have become lapse again.
It can be a scary place, the internet, but such large-scale hacks such as these are rare. Have you had any experience with identity theft? Do you have any advice or tips to share to better protect people? Let us know in the comments below!