Wed, 17 July 2024


eBay’s cyber-attack represents a significant breach

Institution of Engineering and Technology | The Institution of Engineering and Technology (IET)

2 min read Partner content

The cyber-attack on eBay is a serious breach for the e-commerce giant and its customers, says the Institution of Engineering and Technology (IET).

Dr Martyn Thomas from the IET said: “This is a really serious breach for eBay and its users. In the time since the theft of the password file, the encryption may well have been broken, exposing the passwords and personal details that the file contained.

“It is also a serious breach for eBay's users, some of whom may have been put at risk by the delay between when eBay discovered the breach and when they notified users. Any eBay user who uses their eBay password on other sites should change these passwords immediately to new, unique and strong passwords.

“eBay's business model depends on trust, through their pioneering work on feedback scores. If accounts are taken over by rogue traders, they could impersonate users who have high feedback ratings, undermining and potentially destroying the trust on which eBay's business has been built. This should be a further wake-up call for all company directors and Audit Committees to treat cyber security as an existential threat to their organisations.”

Hugh Boyes from the IET said: “As an occasional eBay user, I am concerned that not only have they lost my email, username and password, but according to their website the loss includes home address, phone number and date of birth. This is serious from an identity theft perspective. The only item they are missing is mother's maiden name and they have sufficient information to impersonate an individual when dealing with many financial organisations.

“The Information Commissioner makes the point that organisations should keep the minimum information necessary so why do eBay need to hold/store dates of birth and addresses? The only time an address is required is when a sale completes and you want the seller to ship an item to a purchaser - this could be treated as transaction level information and not associated with the customer/user records.

“I also think that rather than delaying the announcement of the need for a password change, eBay should have forced a change of all user passwords, i.e. cancel/disable current passwords and force a user to set a new password next time they try to log in. This would prevent account takeovers as were being reported on the radio last night.”
