eBay hack: What you need to do now

Hamish Barwick

Two factor authentication

According to ESET security researcher Lysa Myers, the eBay compromise could "have been worse" if financial data had been kept together with passwords and personal customer details.

"However, because the database also included eBay users' name, email address, physical address, phone number and date of birth, this breach does open up the possibility for other types of scams such as phishing attempts," she said in a statement.

"eBay users are advised to be on the lookout for suspicious messages, and avoid clicking on links in emails they receive."

Myers added that eBay customers should make sure their new password is "very strong" and different from the passwords they use for other online accounts.

"If you have not yet started using a password manager, this could be a good time, as they can be very helpful in creating and maintaining strong passwords for each online account you use."

Turning to eBay, she questioned why a number of employee log-in credentials were successfully hacked.

"This could imply that eBay is not requiring its own employees to use two factor authentication [2FA] in order to access sensitive customer data. Many websites and online services, such as Twitter and Google, offer their users 2FA to bolster the security of their account."

According to Myers, the introduction of 2FA could "greatly bolster" the security of eBay customer accounts in the future.

Previous Page  1  2