The cyber-attack on eBay involved information such as dates of birth, phone numbers, mailing addresses, e-mail addresses, names of the company’s customers, and encrypted passwords. However, no financial information of the company was present in the database that suffered the data breach. Around 2 weeks before, all of the compromised log-in credentials of the company’s employees was detected by the company. Despite the fact that the company found no valid evidence related to any unauthorized activity for users of eBay.
Along with this, the company also found no significant pieces of evidence related to any compromises related to financial or personal information for users of PayPal. They also not found any relevant pieces of evidence related to unauthorized access. On the way, much securer network, all of the data of the PayPal was separately stored, and encryption of all of the financial information of PayPal was present.
The company also regretted the concerns and inconvenience caused to the customers due to the reset of passwords. As, the company was aware of the fact that customers trust it when it comes about to their information and it is obliged to consider its commitment towards them severely to maintain a trusted, secure and safe international marketplace. Besides, the data breach of eBay was also analyzed. One of the significant concerns that emerged was the amount of time that the attackers had in the network of eBay. Despite the fact that the data breach was discovered 2 weeks earlier by the company, yet still, the system was accessed first by the attackers in early March.
For an attacker, it was a more extended period especially for staying in any network. One of the major concerns has to be the continuous presence of the attacker and the information which he/she must have accessed or taken. Although the financial information could not be accessed, yet still the fact remains, that there was plenty of sensitive information available. This specific information was accessed, and fraud was committed by the criminals. This sensitive information mainly comprised of the home address, home phone number, and the e-mail address of those 145 million customers of eBay.
It was also found by different security and fraud analysts that the incident initially took place due to the spear-phishing campaign that eventually resulted in a more significant compromise of credentials of employees of the company. Moreover, besides exposure of encrypted passwords, the criminals also tried to crack those passwords. The data breach of eBay emerged as one of the worst data breaches in the history. As it mostly highlighted security concerns that can be faced by any type of organization. It was concluded that attacks can take place despite the strong security of the company. Examples of organizations getting hacked despite having world-class security in place have been found. One of the similar examples is of Equifax.