The eBay hack and my “Oops” Moment

TNT: When eBay was hacked, no financial information was acquired, your mailing address was already public information, and your birthdate wasn’t too difficult to find either. But if you use the same password on multiple sites, you probably should respond to this anyway.

As security breaches go, the one at eBay is serious primarily because of its size: eBay has 145 million active accounts. But what could a hacker do, change the price of something you’re selling? Enter a bid for you on an item you didn’t want to buy? All in all, the breach isn’t a threat to most users.

Except for the passwords.

Like so many others, I have a “default password” that I became accustomed to using in many different situations, some of which could be much more of an issue than on eBay. While eBay didn’t discuss the encryption method used, it’s probably true that it would take hours or even days of computing power to decrypt each password — but is it worth the risk? It means that I have work to do, changing that password — after remembering where I’ve used it!

WHAT TO DO: I spoke several years ago about a free password manager called KeePass, which I still strongly recommend. There are also free online services and other software products, but KeePass gives me a strong password generator, multiple “folders” of passwords (including the ability to export and share certain passwords with others), and the ability to keep copies of my passwords on my computer and my smartphone — this is one file I don’t want to lose! All I need to do is remember a single access code (which ought to be secure, in case someone lifts my phone), and I can get to all my passwords.

Hackers are finding new and interesting ways to make use of information. It’s just not worth making your account easy to access — we’ve had website clients whose websites required restoration because their personal passwords were too easy to guess. Just today, someone setting up a new mailing list requested that his password — which gives access to the email addresses of all his subscribers and lets him send them all email via his list — be “password123”! Needless to say, we asked for something much more secure.
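As an added example (not code from the original post or from KeePass): a small Python audit of a password-manager-style vault that answers the question above, "where have I used that password?", by listing which sites share a password, which other sites to change after a breach at one of them, flagging choices like "password123", and generating a replacement from the operating system's random source. The vault contents and the short weak-password list are constructed for the example.

```python
import math
import secrets
import string
from collections import defaultdict

# Constructed sample vault (site -> password), standing in for a password manager's export.
SAMPLE_VAULT = {
    "ebay.example": "Summer2014!",     # the "default password" reused on several sites
    "bank.example": "Summer2014!",
    "mail.example": "Summer2014!",
    "forum.example": "password123",    # the kind of choice the post describes
    "work.example": "zT7#kq9!wLp2Mv4R",
}

# Small constructed list of well-known weak choices; a real check would use a large breach list.
COMMON_WEAK = {"password", "password123", "123456", "qwerty", "letmein"}

GENERATOR_ALPHABET = string.ascii_letters + string.digits + string.punctuation

def reused_passwords(vault):
    """Map each password used on more than one site to the sorted list of those sites."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    return {pw: sorted(sites) for pw, sites in sites_by_password.items() if len(sites) > 1}

def sites_to_change_after_breach(vault, breached_site):
    """After a breach at one site, list every other site that shares that site's password."""
    leaked = vault[breached_site]
    return sorted(site for site, pw in vault.items() if pw == leaked and site != breached_site)

def is_weak(password, min_length=12):
    """Reject short passwords and well-known choices such as 'password123'."""
    return len(password) < min_length or password.lower() in COMMON_WEAK

def entropy_bits(length, alphabet_size):
    """Bits of entropy for a uniformly random password of the given length and alphabet."""
    return length * math.log2(alphabet_size)

def generate_password(length=16):
    """Per-site random password from the OS CSPRNG, as a manager's generator produces."""
    return "".join(secrets.choice(GENERATOR_ALPHABET) for _ in range(length))

if __name__ == "__main__":
    print("reused:", reused_passwords(SAMPLE_VAULT))
    print("change after ebay.example breach:", sites_to_change_after_breach(SAMPLE_VAULT, "ebay.example"))
    print("replacement:", generate_password(), f"~{entropy_bits(16, len(GENERATOR_ALPHABET)):.0f} bits")
```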

