Jay Allpress

May 23 2014

Tips for Customer Security After Hack on eBay

On Wednesday, May 21st, eBay revealed that a cyber-attack between late February and early March 2014 had compromised a database containing encrypted passwords and other non-financial data.

What happened?
According to ebayinc.com, “Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network.” The compromised database included the name, password, email address, home address, phone number, and birthdate of 145 million eBay users.

What should eBay users do?
eBay is urging all users to change their passwords even though there is currently no evidence of unauthorized access to financial or credit card information. Make sure that you also change the password for the email account that is connected to your eBay account. Avoid using the same password for both eBay and your email account.

When changing your password, avoid commonly guessed names or numbers (birthdays, addresses, phone numbers, words in the dictionary, etc.). Try using a passphrase, which is a string of characters longer than a normal password that includes capitalization, punctuation, special characters, and numbers (e.g. i%HEART<3HBT1904).

Be Aware of Phishing Emails or Phone Calls
Unfortunately, with large data breaches like this one, hackers take advantage of the news coverage and attempt to contact you with phishing emails or phone calls with the goal of scamming you out of money. Be cautious of unsolicited emails and phone calls from people asking for banking information or other non-public information such as Social Security numbers. Help protect yourself with these tips:

  • Always perform due diligence when sending sensitive information over the Internet and make sure the website you’re using is legitimate and has adequate security measures.
  • Always pay attention to the URL of a website. Malicious websites may look legitimate, but the URL may be misspelled or use a different domain ending (.net instead of .com, for example).
  • If you receive an email saying your account will be discontinued unless you confirm personal information, do not reply or click any links in the email.
  • Be cautious about opening any attachment or downloading any files from emails you receive regardless of who sent them.
  • If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.
  • Check for anti-phishing features offered by your email client and web browser.

For more up-to-date information about the eBay compromise, please visit ebayinc.com.

About Jay Allpress

Jay Allpress is Vice President, Security. He has been at Hills Bank since 2009 handling the security department for Hills Bank including physical and information security. He has been involved in physical and information security for over 20 years. Prior to joining Hills Bank, Jay served in the United States Air Force and Iowa Air National Guard in numerous locations including Misawa, Japan; Bellevue, Nebraska; Mountain Home, Idaho; Riyadh, Saudi Arabia; and Fort Dodge, Iowa. Jay is an active member of ASIS International, Safeguard Iowa Partnership and Iowa Contingency Planners. Jay is a Certified Information Systems Security Professional (CISSP), and Certified Community Banking Security Professional (CCBSP). Jay can be reached at jay_allpress@hillsbank.com.
