Around May 20th, eBay officials announced they caught wind of a major data breach inside the company’s computer network. But how did the eBay major data breach occur? There were even rumors that the employees in the company knew of the breach since its first occurance, which occurred in late February 2014. Nevertheless, the company only released the facts now. These rumors were quickly dismissed as a PR misunderstanding, soothing some of the tension coming from discontent customers about being kept in the dark. This security threat was the work of anonymous hackers. Though the cyber criminals weren’t successfully identified yet, the good news is that no great harm took place. Not yet at least.
After breaking into the eBay database, the attackers managed to obtain the personal data of over 145 million users. This data included encrypted passwords, full names, physical addresses, phone numbers, and so on. Even though there is no evidence of this data being used for financial purposes, like hacking into the users’ customer accounts on PayPal (which is a subsidiary of eBay) or perpetrating any theft, the breach could still lead to dangerous consequences. Even if the hackers will not or cannot use this data for any fraudulent financial activity, the risk of using it for identity theft still remains. Stolen data packages like these (containing the names, birth dates and addresses of clients) are often sold to cyber criminals. These criminals then attempt phishing and identity theft.
The eBay Major Data Breach: What Caused the Phishing Attack?
According to Alan Marks, the vice president of eBay’s global communications, the security team noticed unusual behavior from the company’s employees’ computers earlier this month. Upon further investigation, they discovered that the attackers stole some of the employees’ credentials to log into the system. Upon entry, they gained unauthorized access to the eBay’s database. This way, they were then able to copy an entire database worth of personal information. Security experts warn the attackers may use this information to commit identity theft or other crimes in the future. Luckily, the company stored the financial information for its clients in a separate database. eBay urged the users who have the same password for both sites (eBay and PayPal) to change their authentication details as soon as possible.
The company is working with the Federal Bureau of Investigation in San Francisco to investigate who may be behind this attack. Peter D. Lee, an FBI spokesman, even stated that arrests may happen soon. There is quite a high level of anxiety about these online attacks. Anxiety is being felt in both the public sphere and the financial world. Identifying the culprits would really put many minds to ease. Though cyber-crime and hacking are usually associated with the Anonymous group (whose intentions may sometimes be debatable), a multitude of threat actors exist out there with clearly harmful intentions. A breach into the security of any vast organization, be it a private or a public institution, poses a huge threat to the lives of all of us.
Since the world is becoming more and more connected to computers and smart technology, the threats related to this sphere tend to become more and more serious as well. The more business transitions online, the more cyber criminals and so called “bad actors” stand to gain from these attacks. One of the major recent threats released is the so-called Perkel or Perkele virus, which is a Russian-designed Trojan targeting online banking. The virus specializes in targeting smartphones which engage in banking activities. It is so advanced that it is capable of performing self-updates and modifications in order to avoid detection entirely. The online bait of lucrative assets is growing richer as the business sector continues to move online. We can expect more complex threats to continue popping up.
This is an example of the degree to which the number of mobile banking threats has multiplied since 2013 according to Securelist. This chart gives us a good impression of how fast the malware sector is growing and will continue to grow.
Can You Prevent Being Targeted?
A report analyzing the future of this crime has been released by Trend Micro. This report was compiled in collaboration with Europol and the International Cyber Security Protection Alliance. The report is meant to help governments, individuals and businesses cope with new cyber threats which will appear from now until 2020.
There are a few things the average internet user must know to protect him or herself. These items include: how common traps can be identified (and how to avoid them). Threat actors usually need your unknowing cooperation in order to succeed at stealing your data. A common way of obtaining it is by tricking you with a bogus e-mail or link. Here’s what you must do to avoid falling prey to phishing attempts.
- Don’t click any link within emails from banking services. The email may seem very legitimate and look every bit as official as they get. If you click any link within, it may lead you on a page hosted by a so-called bad actor (or the servers and hubs that support criminal activity). Once you arrive there, you will be requested to enter more personal data. Alternatively, a Trojan may be planted in your device. The same goes for any email from any company whom you trust with your personal info. This isn’t limited strictly to banking companies.
- Don’t hand out personal data over the phone either. Reports have shown that even when you think you are talking to your bank (even if you’re the one who made the phone-call), you may not be really speaking to a legitimate bank representative or your line may be tapped. Avoid giving any kind of personal data (like social security numbers or passwords and so on) over the phone as well.
- Bookmark the key pages for online transactions. This way you can make sure you’re on the right page and not just one that looks like it (but is hosted on a bad actor).
That’s all we have for today. If you have good tips on avoiding the ‘bad parts’ of the internet, tell us about it on our Facebook page. Until next time…