Thursday, May 22, 2014
Here’s how it usually works: someone big gets hacked or a serious risk gets disclosed then all sorts of articles pop up with journos quoting people like myself on all the same questions that inevitably get asked. I’ve been doing a bit of that today in the wake of the eBay attack so I thought that rather than just have these one on one conversations which then get dispersed all over the place, I’d capture a bunch of responses from discussions I’ve had here.
Just one more thing – it’s
very early days in the life of this incident, indeed it’s less than 24 hours since
eBay asked everyone to change their passwords. With that in mind, here’s what people are asking and what I’ve been able to contribute to the discussion:
What happened?
It seems that the credentials of a number of employees were compromised which then allowed the attacker(s) to gain access to the eBay network and exfiltrate customer data including name, “encrypted” password, email and physical addresses, phone and date of birth. This appears to have happened some months ago in February and March but seems like it has only just been discovered now.
