USA: Privacy expert: Companies like eBay must adopt stronger methods to protect data

Record ID: 695003

  • Title: USA: Privacy expert: Companies like eBay must adopt stronger methods to protect data
  • Date: 21st May 2014
  • Summary: WASHINGTON, D.C., UNITED STATES (MAY 21, 2014) (REUTERS) (SOUNDBITE) (English) JULIA HORWITZ, CONSUMER PROTECTION COUNSEL AT ELECTONIC PRIVACY INFORMATION CENTER, SAYING: "I think that eBay should re-examine the kinds of privacy protective technology that they're using, so they should look at their encryption standards and they should make sure that they're using the strongest kind of protection available."
  • Embargoed: 5th June 2014 13:00
  • Keywords:
  • Location: Usa
  • Country: USA
  • Topics: Technology
  • Reuters ID: LVA13AWQGSH6HENMNMQPHOX63HG7
  • Story Text: EBay Inc said on Wednesday (May 21) that a cyber attack carried out three months ago has compromised customer data, and the company urged 145 million users of its online commerce platform to change their passwords.
    The company said unknown hackers stole email addresses, encrypted passwords, birth dates, mailing addresses and other information in an attack carried out between late February and early March. The files did not contain financial information.
    An eBay spokesperson said a large number of accounts may have been compromised, but declined to say how many. EBay said it found no evidence of unauthorized access to financial or credit card information at its PayPal payments subsidiary, which encrypts and stores its data separately.
    EBay shares were down 0.2 percent late Wednesday afternoon, compared with a 0.9 percent rise in the Nasdaq Composite Index.
    The e-commerce company's stock has steadily fallen since late March as part of a broader slide in technology shares. Last month, eBay reached an accord with activist investor Carl Icahn, who had been calling for the company to spin out PayPal, which is growing quickly.
    Security experts advised eBay customers to be on the alert for fraud, especially if they used the same passwords for other accounts.
    An eBay spokesperson said the company was making the request "out of an abundance of caution" and that it used "sophisticated," proprietary hashing and salting technology to protect the passwords.
    Julia Horwitz, consumer protection counsel at the nonprofit Electronic Privacy Information Center, or EPIC, said that the company must take a serious look at its technology practices.
    "I think that eBay should re-examine the kinds of privacy protective technology that they're using, so they should look at their encryption standards and they should make sure that they're using the strongest kind of protection available," Horwitz said.
    EBay said its investigation of the breach is ongoing, with assistance from law enforcement.
    The company said it had not seen any indication of increased fraudulent activity on eBay and that there was no evidence its PayPal online payment service had been breached.
    EBay provided little information about how the hackers got in. It said they obtained login credentials for "a small number" of employees, allowing them to access eBay's corporate network.
    It said it discovered the breach in early May and immediately brought in security experts and law enforcement to investigate.
    The breach comes amid an increasing number of cyber incidents. Retailer Target Corp suffered one of the biggest breaches. Last year, hackers last year stole some 40 million credit card numbers and another 70 million customer records.
    "I think, unfortunately, I wasn't all that surprised to see there had been another data breach. Over the past year, we've heard a lot about internet firms having their databases breached," Horwitz said.
    Security experts say it is almost impossible to prevent hackers from getting into networks using social engineering techniques such as sending carefully crafted phishing emails that lure targets to tainted websites or entice them to click on malicious links. In some cases they infect websites frequented by their targets, such as the sandwich shop of a local restaurant or professional organizations.
    Horwitz said that while users can change their passwords, the ultimate responsibility falls to eBay and the government.
    "Changing your password is helpful a couple of times, I think, but after a while you run out of variations on your pet's name, so I think that after that the burden really shifts back to the companies and to Congress to make sure all the appropriate protections are in place," Horwitz said.
    EBay's shares fell as low as $50.30 in early trading on the Nasdaq before recovering to $51.83 in late afternoon.
  • Copyright Holder: REUTERS
  • Copyright Notice: (c) Copyright Thomson Reuters 2014. Open For Restrictions - http://about.reuters.com/fulllegal.asp
  • Usage Terms/Restrictions: None
Register