The Impacts of eBay's Security Breach of 2014
Technology is increasing at an accelerated rate across our world today. The spread of the Internet, efficient tracking logistics, and faster modes of transport make such things as international commerce possible.
Nowadays, there are multiple selling websites and platforms that offer products to consumers in multiple countries worldwide. However, with the rise of technological advances come the dangers of hacking and security breaches. That is exactly what happened back in 2014 to the multinational corporation known as eBay.
In February and March of 2014, eBay’s security was compromised by cyber attackers. The assets stolen were “encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth” according to The Washington Post (Peterson 2014). However, it wasn’t disclosed to the public until May. I say disclosed because the article mentions how the company were conducting their own research into what happened for weeks before publicly announcing their predicament.
The impact of the security breach was on a large scale, affecting all users of eBay. The article mentions “145 million active users”, but I’m sure that the number is much higher than that since eBay users are sellers and buyers from all over the world. In addition, the number only pertains to the active users but the attack was not specifically targeting the active ones, so it must reach the inactive users as well.
Though financial assets weren’t pilfered, a lot of personal information was; which was a loss of confidentiality. As a result of this security breach being so far-reaching, eBay asked all its’ active users to change their password. I personally don’t feel this was enough since there is a true risk of identity theft and phishing dangers. There is a lot that could be done with personal information, that could affect one’s credit or finances.
The hackers were able to access eBay’s users’ private information by exploiting an internal threat, the company’s own employees. In this case, it seems like the corporate employees were unintentional participants because the attackers used their authorizations to gain access to the data. As of yet, the cyber criminals have not been caught and no one has come forward to claim credit. Through my research online, I found a Wiki page (“EBay”, Wikipedia, section 4.1) that connected this security breach to SEA (Syrian Electronic Army, a well-known hacktivist group) but I believe it to be wrong.
The reason I feel it was incorrect is because their group hacked eBay’s servers at the beginning of February (instead of late Feb-Mar that was associated with this breach) and very publicly took responsibility for it by informing media and replacing the logo on the website to their own. If they had also been in charge of this data breach, wouldn’t they have done the same thing and notified the proper information channels to essentially brag about their accomplishment?
In this present time, security breaches and data hacking are common occurrences. Not only to individual users or small businesses, but it also happens to major companies and multinational corporations. No entity is truly safe from a cyber attacker, but what we can do is increase security procedures, be more vigilant, and educate employees. In doing so, maybe we can lessen the potential threats and protect ourselves from a network attack.
Cite this Essay
To export a reference to this article please select a referencing style below