eBay hack: What you need to do now

Hamish Barwick

Online marketplace eBay has stated that cyber criminals compromised a "small number of employee log-in credentials" in the United States between late February and early March 2014 to gain access to its database.

The eBay US database contained customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth, but no financial or other confidential information, the company said.

The compromise of eBay's log-in credentials highlights that putting the bulk of an information security budget into combating external threats "no longer works", said Australian Information Security Association (AISA) spokesperson Lani Refiti.

"Attackers with enough resources and motivation will, at some point, compromise your organisation to some degree. Organisations need to focus on the detect and remediate phase equally," he told Computerworld Australia.

According to Refiti, network segmentation is a "simple but effective" security control that companies with large amounts of data should use.

"What I'd be interested to see when eBay release further information is whether they did any data/information segmentation such as separating the user database from the password database or used multi-factor authentication internally. In a layered defence model, this makes it harder for the attacker to get all the pieces they need," he said.

Refiti added that there are no reports, as yet, of Australian eBay users who have been compromised.

"This attack is similar in nature to the one that Target US and Neiman Marcus have suffered; it's a trend against online retailers. If I was Target Australia or K-Mart, I would be looking at my information security management system very closely," he said.

Dell Software Australia and New Zealand's managing director, Ian Hodge, agreed with Refiti's call for "detect and remediate" by companies.

"Data leaks can often originate from employees, through intentional theft, lost or stolen mobile devices or accidental exposure. Poorly managed privileged credentials are increasingly leaving organisations as vulnerable as a hole in a firewall and sensitive information can easily find itself in the wrong hands," he said in a statement.

Hodge advised IT security managers and CSOs to create a list of how many privileged accounts their company has and who has access to what information.

"This can help identify where your organisation is most vulnerable to internal security breaches. It is incredibly important that these users also have strong passwords that are frequently changed to reduce the threat."

In addition, Hodge said information security managers should run regular reports to identify whether privileged passwords have been changed.

"By knowing who has access to what [information] -- and ensuring that users are only provided with the lowest level of access required to perform a task -- can reduce the threat."
