Sebastian Munoz CEO REALSEC

It is quite amazing that eBay is only warning its customers to change their passwords, when the attack took place some months ago. If the hackers' intentions were fraudulent, they had plenty of time before the warning, said  Sebastian Munoz is CEO of REALSEC, Inc.

On the other hand, they do not seem to be very confident about their encryption system, when they are suggesting their customers to reset passwords. If efficiently encrypted, using specific certified hardware, there would be no need to reset the passwords, since protection is guaranteed. When you use a Hardware Security Module (HSM) and not a simple and insecure encryption by software process, there is no way that hackers can gain access to the encryption keys.

Moreover, if they had a safe and efficient encryption system, why was not all the personal data of each of their customers also encrypted? They are responsible for a secure and reliable custody of private personal data and they failed. Most software based encryption systems significantly impacts throughput when all data is encrypted, and this might be the reason why only the password was encrypted and not the rest of the private data.

Hardware based encryption systems are not only the safe solution, since encryption keys are safely stored in protected hardware devices or HSMs, but also they are much more efficient in terms of managing large volumes of encrypted data without significantly affecting accessibility.

For more informatio go to www.realsec.com