Inside the recent eBay data breach
June 3, 2014

The scale of recent data breaches has seemed to explode, further highlighting the risks that are inherently present on the Internet today because of such a higher volume and diversity of users. As consumers and businesses alike continue to use relatively antiquated credential and password systems, hackers have not had a hard time breaking into storage environments and systems to steal information from unsuspecting victims. 

Between the Heartbleed bug, the Target breach and a few others, hundreds of millions of individuals have been impacted by the threat of information exposure on the World Wide Web, yet few changes seem to be in the process of deployment to avoid further issues. In what might become the most massive breach of all time, eBay was recently victimized by a security incident that put many of its users at risk. 

Another major oversight
Smart Data Collective recently reported that the eBay data breach is believed to have exposed the personal information and customer records of roughly 145 million consumers. To put this into perspective, the population of the United States is a little over 300 million today, meaning that one major attack has put a significant portion of the nation at risk of identity theft and other serious crimes. 

According to the news provider, eBay believes that consumers' financial data is actually out of harm's way, as it is stored separately on PayPal and encrypted, but this does not entirely lessen the gravity of the situation. Essentially, the source explained that hackers broke into a database that was used to store personal information and began to steal it en masse, and that simple passwords seemed to be the main targets. 

In what has become a theme in the cybersecurity arena, Smart Data Collective pointed out that while eBay discovered the breach two weeks ago, investigators have traced it back to February, meaning that the hackers have had months to steal the information and cover their tracks. 

Passwords do not cut it
One of the clearest truths that has consistently broken through in these events is that antiquated password and credential systems are simply not enough to protect account information from hackers. Businesses, especially those that are conducting activities over the Internet, must soon realize the importance of advancing their protections. 

Multi-factor authentication is a suitable replacement for traditional passwords, and has already helped companies in a wide range of industries better protect themselves from cybercrime.