News of perhaps the largest ever cyber-attack to date with hackers accessing Ebays database of over 233 million customers’ personal data is another in a long line of data losses in recent times.
In this case, the hack was a phishing attack on the system administration accounts that were compromised providing access to the database.
Says Colin Tankard, Managing Director of data security company Digital Pathways, ‘ It seems to me that eBay had encrypted the passwords, but all other information was in the clear. Why they only went part way in the protecting the data is not clear. It would have been better if they had encrypted the whole file structure and added better authentication to the system administration accounts as a minimum.’