eBay is now facing multiple investigations over the hacking scandal. Various other companies are also considering starting their own investigations as the auction site has not been open about the breach. It took a leak for the word to get out that hackers now have passwords, email addresses, physical addresses, names and dates of birth of 145 million users.
The hacking actually took place sometime in late February or in early March. However, eBay was not aware of the hack until early May. With two months to use the data, customers have been left shocked and worried that they could become victims of identity fraud. There is also the question of whether any other information is safe online, especially on the auction site.
So far, three states and European committees have stated they will conduct investigations into the actions of the website. Officials want to know how the breach happened, the information that was taken, and what—if anything—the auction giant is doing to ensure something like this does not happen again.
When companies are hacked, alerting customers is usually the first thing. While the companies want to ensure that customers’ details are safe, they need to make sure customers are aware of the threat and are able to make necessary changes and password updates as quickly as possible. This was something that the online auction giant refrained from doing, believing the hack was not that detrimental since credit card and PayPal information could not be taken.
It is partially due to the lack of urgency that has led to eBay now facing multiple investigations over the hacking scandal. The company has to understand that customers’ personal information is kept on file, and that could lead to problems with identity fraud.
The company continues to say that passwords were taken in their encrypted form, but that does not mean the encryption cannot be broken. The passwords were stored in the more difficult way to break, through a process called hacking, but that encryption can eventually be broken.
eBay is not just facing complaints from users who now have their details stolen. It is also facing complaints over the recommended strong passwords. According to Troy Hunt, a blogger and software developer, a password that contains at least four uppercase and four lowercase letters, four numbers and four special characters and is 20 characters in length is only considered medium strength. However, something like $uperman1963 is considered strong. Many people rely on the indicators on the site to know just how strong their passwords are, and could be putting themselves at risk.
There is also the complaint that users still have not received an email to explain the hack. Those who have miss out on the news for various reasons—like being on holiday—could run the risk of not changing their passwords in time. It is the responsibility of the company to inform all customers in a timely manner, and it has had almost three weeks since finding out about the hack. It is not surprising that eBay is now under investigation by multiple companies over this hacking scandal.
By Alexandria Ingham