Jonathan Sander Strategy & Research Officer STEALTHbits Technologies

Jonathan Sander, Strategy & Research Officer, STEALTHbits Technologies states,“The most interesting aspect of the eBay breach is the quasi insider threat that was disclosed. The statement isn’t completely clear, but it seems that the attackers got the user data by going through compromised employee credentials. Of course, that’s the same basic story as Target, the NSA, and so many others. People focus on the loss of user data, but the real story is how easy it is to get tons of user data with just one or two employee passwords. The official eBay statement includes the good advice to not only change your eBay password but also passwords on other sites where you may have used the same password as eBay. It leaves me wondering if some eBay employee may have used the same password for their corporate account on some other site and left that insider account exposed as a result.
 
Nobody cares about things that are somebody else’s problem, and the breaches hitting the news all feel like they happen to other people. Target was so impactful because so many people actually shop at Target that it felt a little close to home. Now they have a false sense of security because the outcome from Target was that no individuals were personally impacted. Or so it seems. The problem is that it’s extremely difficult to connect the dots on data breaches and impacts like identity theft. Huge numbers of people are being impacted by identity theft, but it’s not like each theft comes with a little card telling you where the attacker got your personal information. This whole business is like a warped robin hood where the attackers pull off huge heists from the big corporations and then use that to steal just a little bit from each of the little people.”

For more information go to www.stealthbits.com