eBay Data breach research paper
Introduction
eBay reported a security breach on their database on 21st May 2014, that affected more than 148 million customers. Notably, the extent of the breach and the number of customers impacted makes the eBay breach among the largest breaches of all time. Given that the database contained sensitive customer information, the incident presented severe risks for both the company and the stakeholders. As a result, the company notified its customers to change their account passwords and utilize credit card monitoring services. This research paper will discuss will give an insight into the incident and present information on how eBay handled the breach.
eBay is a multinational corporation that was founded by Piere Omidyar in 1998. With its headquarters in the United States, the company succeeded as an auctioning company that aids various trades including person to person and business to the consumer through the internet. The significance of the company is indicated by its persistent online presence and the massive sales conducted through the website. For instance, in 2016, eBay reached 162 million active users, while recording more than 250 million daily searches in the first quarter (Wakefield, 2014).
Given that eBay is one of the largest online platforms, the incident had a great impact on the large number of customers affected. According to the company, the breach occurred between late February and early March. The hackers had managed to retrieve data from employee details, thereby gaining access to the company’s database. As such, the hackers gained access to sensitive information including email address, date of birth, phone numbers, encrypted passwords as well as physical addresses. Consequently, they also accessed the company’s corporate network, thus posing a risk to the security of the information in the user’s credit card.
Over the years, the company’s have fallen victims to hackers who use various techniques to gain access to their database, thus stealing essential customer details. Thus, the incident at eBay represents a fraction of data breaches that occur in various companies, especially online corporate companies. The increasing technological advance has led to the growth of data breaches in many parts of the world. While data breaches may not entirely affect the reputation of the company, the manner in which such corporate handle the incident can have an impact on reputation. Despite eBay’s mature information security program, the company has been questioned by the public regarding the manner in which it handled the incident, thus tarnishing its reputation.
The company’s poor management of the crisis had an impact on public perception, thus causing outrage. Firstly, eBay announced the incident two months after it had occurred. An executive of eBay told the public that it delayed the announcement because it had confirmed whether the hackers had stolen customer information. Thus, the company was planning to notify its customers regarding the incident after they had confirmed that the hackers obtained critical information. However, eBay disclosed the breach on 21st May 2014 and therefore required its customers to change their passwords manually and utilize a credit card monitoring service. In this case, the company should have notified its customers to change their passwords immediately after the occurrence of the breach.
During the announcement, the company disclosed that there was no evidence regarding the exposure of data. However, eBay urged its customers to change their passwords manually. In this case, the information released by the company seemed to be inconsistent. Therefore, the contradicting information given to its customers was deemed as a way of covering the incident to protect the company’s reputation. The company’s claim that the passwords were encrypted with an additional layer of security was questioned when the public complained about the password reset tool that took several days to give feedback. (Wakefield, 2014).
The poor response to customers resulted in a loss of trust in the company. The failure to notify the customers regarding the incident and lack of timely advice on changing passwords was among the issues that caused outrage. By failing to reveal details of the incident on time, the company was exposing its customers to numerous threats caused by the stolen sensitive information. As a result of poor management, the company saw a diminishing customer activity on its website. In fact, eBay saw a decline in customer activity after disclosing about the breach. Also, the company announced a $200 million loss in revenue as a result of the decline in customers.
Conclusion
In summary, more attackers are becoming common in the current days as a result of technological advance. This aspect has granted intruders sophisticated knowledge on how to successfully steal sensitive information from a company’s database using various techniques like phishing messages. In this case, the attackers obtained access by retrieving information from the company’s employees (Jensen, et al 2014).
Thus, the company lacked proper measures to prevent such an occurrence. However, the lack of timely disclosure regarding the incident led to the decline of customers due to loss of reputation. In this case, eBay needs to set proper measures for handling data breach incidents. On the other hand, it is essential to educate employees regarding various ways that can be used by hackers to gain access to the company’ database. This approach will work to prevent hackers from tricking employees or obtaining critical information that can grant access to the company’s database (Jensen, et al 2014).
Reference
Wakefield, J. (2014). eBay faces investigations over the massive data breach. BBC News.
Jensen, M., Durcikova, A., & Wright, R. (2017, January). Combating phishing attacks: A knowledge management approach. In Proceedings of the 50th Hawaii International Conference on System Sciences.