Yet another cyber attack on a corporate database has online security experts calling on companies to improve the way they keep our private information private – and possibly replace traditional passwords.
EBay revealed Wednesday that a database containing encrypted passwords had been compromised, giving hackers access to the names, email addresses, physical addresses and phone numbers of many of the e-commerce website’s 145 million users.
This ‘reassurance’ has come under fire from experts, however, with Troy Hunt, security expert for Microsoft, complaining: “What’s being implied here is that absence of evidence is evidence of absence and that’s not always the case.
“There have been many prior examples where attacks have occurred and companies have issued statements on the scope of the breach only to revise it upwards shortly thereafter, sometimes multiple times”, he told the Irish Independent.
Another security expert has criticised eBay’s lack of a proactive approach with regard to informing its customers, who may have missed the media headlines. Graham Cluley, senior security expert for IT firm Sophos, suggested that the site should contain a message about the breach, informing customers of how they should proceed.
Instead, he said, “users have to dig around in eBay’s press section for news… and even then they don’t tell folks how to change their password.”
The main area of concern, however, is that the cyber attack could mean that users’ other online accounts are compromised if they happen to use the same password for multiple sites. And this is what eBay should be telling its customers.