In a nutshell, the eBay data breach story is a practical example of how a simple oversight in network access on the part of employees could lead to a massive compromise.
The company advised its nearly more than 140 million users to change their passwords after a number of employee credentials were exposed. The compromise resulted in unauthorized access to eBay’s network, though the company refused to share data on how many users were affected by the data theft. The stolen information, including phone numbers, email addresses and usernames, could also be used for phishing attacks.
Although the stolen information is encrypted, it won’t be long before hackers can decrypt the data. The call to change passwords is therefore of utmost concern, at least to mitigate further risk to other users. There is one catch: do not create a weak password that can be easily guessed, and do not enter the same password into the login portals of all the websites you subscribe to.
Reports pointed out that the eBay breach occurred from February to March, but it remains unclear how hackers were able to penetrate the company’s network and take possession of sensitive information.
There are a variety of methods attackers can use to infiltrate a network and run off with valuable assets such as email addresses and passwords. The most common scenario is a user who has only one password for, say, email and social media. If either service is compromised, the other is affected as well.
Employers, especially large companies like eBay, share the responsibility of protecting user data and enforcing a policy in an organization to ensure employees separate their corporate credentials from their personal online activities.
Since the weakest link in the security chain is the user, it is important to educate users on proper security measures online. Additionally, adoption of two-factor authentication plays a vital role in keeping a network secure. At the very least, when your credentials are stolen, hackers will have to clear another hurdle in order to make use of them.
These measures are so far the best shield against data breaches, since most cases start out with a compromise of employee credentials.
Hackers have also been using malware to penetrate networks by first installing it on an employee’s personal device, which is then used to access the corporate network. This is where most organizations fail: securing an employee’s personal laptop or mobile device.
George says
The companies should implement two-factor authentication at the earliest. Before authenticating a transaction, a one-time password (OTP) is sent to mobile or email, which restricts any unauthorised access.