In summer 2014, eBay was the victim of a massive security breach. The sensitive information of up to 148 million customers was at risk because of the hack, which exposed eBay’s customers to identity theft and password theft. They were advised to change their passwords immediately. Through social engineering and phishing, hackers were able to obtain some employees’ access credentials. This let them access the customer database, which contained users’ credentials and passwords. They copied customers’ names, email addresses, physical addresses, phone numbers, dates of birth, passwords etc. and are now in possession of this information. eBay claimed the hackers were not able to crack user passwords because the passwords had been encrypted and were impossible to decrypt.
According to the lawsuit, eBay’s security was inadequate, which led to the users’ data being compromised. It further states that eBay’s response to the security breach was not good enough and that eBay did not inform users of the hack in a timely manner. It withheld information from the customers. Even though eBay claimed that the passwords were encrypted through a method called hashing and were impossible to decrypt, users had to change their passwords. However, the hackers still got their hands on users’ credentials such as their name, address, phone number, date of birth etc. So they now know where each user lives. They may even call users with fake deals and offers and dupe them into giving up more sensitive information such as bank details. Not many changes were made after the attack to counter such attacks in future. Many people criticized the way the company responded to the hack. There were not enough email communications to inform the users of the attack or prompt them to change their passwords. In addition, people complained that the password renewal process was not implemented well. However, eBay did lower its annual sales target by $200 million. After this attack, eBay realized that it should spend or focus more on training its employees about IT security so they do not fall victim to social engineering in