eBay Fails to Warn Its Users Against Cyberattacks

Posted by Stephanie Mau

on May 22, 2014


The last time you put something up for auction on eBay, you probably didn’t think your password was also up for grabs.

Unfortunately, that is now the situation for an undisclosed number of accounts on the online auction site, as eBay revealed yesterday that their site was hacked over two months ago.

Some time between late February and early March, cyberattackers hacked into the eBay database using the log-ins of a “small number” of eBay employees. The company only discovered this attack two weeks ago, at which point it conducted a thorough investigation of its computers to figure out just how bad the damage was.

Fortunately for eBay users, the company says that the passwords are protected using a method known as “hashing,” which converts the text into jumbled code that cannot be converted back. For extra protection, the company also adds a random digit or two to the passwords, a practice known as “salting.” According to password manager Dashlane, eBay’s method of password protection is rated “slightly better than average.”

However, eBay still hasn’t notified all of its 148 million active accounts that this happened.

Sure, the auction site placed a prominent warning on its homepage today, but how many of those users happened to check the eBay homepage in this time frame? One particular eBay user, Kurt Brown, is very upset over how the company is handling this.

“I think it is terrible,” he told CNN. “They can email us through their own system all at once. They send me a lot of emails encouraging me to buy certain things, they can tell me about this!”

Despite the relative safety of the account passwords, the hackers were still able to break into a database that contained sensitive information, such as customer names, account passwords, email addresses, physical addresses, phone numbers, and birth dates.

So while the cyberattackers may not necessarily be logging into your eBay account (and eBay has confirmed that they have not detected any fraudulent activity on the site as of yet), these hackers could still email you, call you – and they know where you live. Surely that warrants a mass-email from eBay.

Katherine Leckrone, another eBay user, puts it best: “The failure of eBay to be my source of information on this event gives me an impression that they are trying to skirt accountability or keep this event somewhat quiet. Being forthcoming and transparent generally garners better customer confidence.”

We all deserve to be protected from fraud and risk, and businesses deserve an independent ethics reporting company they can trust, one that is dedicated to safeguarding their operators against risk. Whistleblower Security is committed to promoting a culture of integrity, collaboration and transparency for our employees and clients. With a 24/7 whistleblower hotline, employees can be assured that all of their ethical concerns will be heard and addressed.
