eBay has opened up about the recent hack and admitted that it did not realize the severity of it. That is why people were not alerted to the news as soon as the auction site realized that there was trouble. However, that had certainly not gotten it off the hook for the poor decisions made.
It took a leak for the auction giant to finally admit that the website has been hacked sometime between the end of February and the start of March. It was the beginning of May that the security team realized that there was an issue, but everyone believed that customers’ data was safe. It does beg the question of how the global company did not realize that the information of 145 million people was compromised.
According to eBay, there was no suspicious activity that would alert the company to details being stolen. However, there have since been customers questioning suspicious payments through PayPal and credit cards. The company claims that no credit card or PayPal information was taken due to the information being on a different server, but information required for setting up accounts was taken. There is also the chance that hackers got into someone’s account and used any information stored on file in the accounts.
The online auction giant has defended its actions by stating that it believed customer information was safe. It took time for eBay to realize just how severe the attack was, and then immediately took steps to rectify it. According to a cyber-forensics expert Kevin Johnson, it can take some time for large companies to locate the threat and determine just how serious it is. While he has not worked with the auction website, he has worked with other Fortune 500 companies, and stated that sometimes it can take days or weeks to find the “smoking gun.”
Packet Ninjas CEO Daniel Clemens also defended the actions of the company. Holding off from alerting customers gives the company chance to locate the attackers. If eBay informed customers of the breach, the hackers could quickly cover its tracks and create back doors to be able to attack once the investigation into the details taken was complete. This would put customers’ information at more risk than it is right now.
It is difficult for the company to determine the best course of action, and the online auction site acted as it believed appropriate. However, customers have still not received emails about the alert, and have only started to change their passwords due to the news breaking out. The company defended this action due to the size of the email list. It is impossible to send out 145 million emails at once, and it will need to happen over a series of days or weeks. By that time, most customers will have likely changed their passwords.
The main focus for the site right now is to prevent this from happening again. The security team needs to implement new security checks to make sure the data is safe in the future. However, customers may be happy to know that the company is facing multiple investigations, especially since eBay did not realize how severe the hack was in the beginning.
By Alexandria Ingham