eBay Security Breach Company Response Total Fail
I was browsing the net last night and came across this article written by Davey Winder of itpro.co.uk
The article blasts eBay Inc for the way they bumbled their response to the breach. Not counting the 60 days their database was breached that nobody in the company had a clue eBay had been hacked. Actually they probably knew about the breach but tried to sweep it under the rug in true eBay fashion.
Here are a couple of snippets of this must read article if your an eBay member.
“To make matters worse, it then took eBay a further two weeks from being made aware of the breach to disclose details about it. This is not uncommon, and as a rule of thumb the excuse for the delay will be so as ‘not to hamper any investigation’. This is all bad enough, but once that disclosure was made it was done through a blog post and media interviews. Users were not notified by email, and there were no messages even within the internal mailing system warning customers to change their passwords. Despite assurances to the media that password change notifications would be going out, nothing was forthcoming.”
“My attempt to change my password was met with a message telling me I’d succeeded, but then it wouldn’t allow me to use it afterwards and told me I should go knit a jumper instead. Well, maybe not in those exact words. It took a number of days before my password was successfully changed and my account was secured once more. If eBay had any kind of half-decent breach response plan in place, and if it really cared about customer security (rather than the immediate bottom line), then it would have just reset every single password.”
I have been covering eBay vehicle fraud and scams since 2004. This is nothing new in the eBay coverup department. It’s been 10 years since this website was founded to advise the consumer about internet vehicle fraud. Here is a blog post we published showing a bunch of eBay security meltdowns.
Back in 2007 when Vladuz was hacking the crap out of eBay repeatedly, one hack he did was to post about 1200 members personal info including credit card numbers to the trust and safety forum. It took eBay about 2 hours to shut the forum down. Many eBay watchers / members said the credit card numbers were valid. eBay blew it off as a corrupted forum database. However eBay tried to spin the hack they couldn’t spin the fact that Vladuz left his signature in every board post: “SGI Inc. – emocnI gnitareneG rof snoituloS”.
I started selling cars on eBay in 1999. It was a great venue back then, now all that matters is the bottom line. Too bad if you get scammed or redirected from a phishy listing. It’s a crying shame what a data dump eBay Inc has became over the years. 😥