eBay Hack and How it Affects You
By now you would have heard about the eBay hack. A reported 200 million accounts were compromised with the hackers stealing encrypted passwords and other non-financial data like names, email and home addresses, phone numbers and dates of birth.
There are a variety of scenarios that could eventuate from a hack of this magnitude and today I would like to illustrate how this hack could potentially affect you:
Firstly, the Stolen Encrypted Passwords
With the encrypted passwords in the hacker’s possession, they could use any number of tools to brute force the passwords, cracking simple passwords in a matter of seconds. Obviously once a hacker has your eBay login and password, they can login to your eBay account and peruse the same information and transact in the same way as you could perform on eBay using that same login and password combination.
Beyond this, however, they require additional non-financial information to go any further.
Leveraging Non-financial Information
Once your personal information has been compromised and the data is freely accessible by the hacker, the information along with all other account information can be traded on any number of global hacking sites that trade in credit card and financial data as well as personal information, putting your identity at risk.
Once this information is in the hands of a buyer, they can, and probably will, use the information for any number of nefarious transactions that go far beyond the rather tame in comparison examples I provide below.
Assuming that your PayPal and eBay passwords are the same, then the hacker can access your PayPal account, just as you would, and then search for further information that resides there. They can transact with PayPal just as you would with the same login and password with the potential to make purchases and withdrawals, etc.
Following the logic used before where one assumes that the email address and password combination is the same for a multitude of logins, the hacker can then sign on to any of the social networking sites where you are a member. Again, here they can operate just as you do accessing information, updating information, downloading, uploading and interacting within the site. Some popular sites include Facebook, Twitter, LinkedIn, Badoo, etc.
With all of the additional personalised information now at their fingertips, information such as home address, date of birth, photos, etc. easily available to the hacker, you are now open to more serious attacks like targeted phishing attacks. With these types of attacks, hackers go after financial information (online bank accounts, investments, etc.). Additionally, they could transact offline, by say, calling the bank directly and using the information they’ve uncovered in your records to make telephone transactions.
It’s important to stay safe and secure online. Some tips for doing so include: make it a practice to react to situations like the eBay hack as soon as possible, don’t use the same email and password combination for every site you’re on, using a password management application that creates and enforces strong and different passwords across multiple sites, change your passwords often and if you see any suspect activity on your accounts, report it right away.