This week’s change your password announcement comes to you from the Internet commerce site eBay. After a recent cyber attack, eBay, Inc is asking users today to change their passwords as a precaution. Apparently cyber attackers compromised what is being described as “a small number of employee log-in credentials.” Unfortunately, we all know the implications of those kind of statements. This compromise allowed unauthorized access to eBay’s corporate network. The company is working with law enforcement officials to investigate further.
The intrusion happened during late February and early March 2014 and affected a database that included user names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. eBay says the intrusion did not access financial information.
Here’s a quote from the eBay website:
eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.
Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.
Concerned users probably shouldn’t wait for an further official notification from eBay before making a password change. eBay adds that data for PayPal users, which eBay owns was not affected. Note that if you use the same password on eBay that you use for other sites, it is recommended that you change your password on that site as well.
eBay Inc. is an American based international Internet business that at its core is consumer-to-consumer focused. Through its online auction and shopping website customers buy and sell an extraordinarily wide variety of goods and services on a daily basis.
Consumers and businesses are becoming unfortunately accustomed to the hassles of changing passwords these days with announcements of cyber attacks and hacking seeming to increase in frequency. Consumers should realize that customers and the public are not usually notified of security breaches until some time after an attack has been discovered.
It is important to always practice safe password management when engaging with any Internet transaction, financial or no. Recommended tips include:
- Use a different password for each website or service.
- Create a password that isn’t easy to guess. Don’t use discoverable information like your childrens’ names, anniversary dates, etc.. Use a combination of letters, numbers, and other characters to create a unique password.
- Use a password manager. Password storage and creation software like 1Password, LastPass, RoboForm, Keeper, and Dashlane among others offer you the ability to create and store unique passwords that you can access through one master password or automatic logins. But remember you need to create a master password that is not easily discoverable as well. Browsers also offer the ability to save and store passwords for easy retrieval. But keep in mind, good security and convenience do not go hand in hand.
- If you must store your passwords somewhere other than a digital locker, find a location that is not easily discovered. Carrying your passwords around in an address book can easily compromise your security should you misplace it.
- Use two step authentication. Offered by some services and websites two step or two factor authentication creates a second layer of protection by requiring you to authenticate your account not only from a website, but also from a smartphone.
- Users should routinely change passwords for websites and services that they use. Don’t wait for a security scare or warning. Think of creating a regular time to change your passwords in the same way you change batteries in smoke alarms.
- You are responsible for your own online security. Don’t trust any site or service absolutely.
eBay won’t be the last major Internet service that has to ask its users to change their passwords. It certainly is not the first. Regardless of the tools that you may use to create a password, you should keep in the forefront of your mind that changing passwords and security measures is, and will be, an ongoing fact of life on the Internet until someone comes up with a better method.