The lesson from eBay's security breach: We are so screwed

Change your password. And then change it again. But don't believe, for one second, that your information is safe

Published May 21, 2014 4:26PM (EDT)

Meg Whitman      (AP/Paul Sakuma)
Meg Whitman (AP/Paul Sakuma)

Another day, another vast security breach underscoring just how ludicrous the notion is that our personal information is safe on the Internet.

This time, it's eBay's turn. The online auction firm revealed on Tuesday that it was the victim of a "cyberattack" several months ago. Employee logins were compromised, giving the attackers access to eBay's corporate networks. EBay stressed that there was no evidence that financial information had been accessed, but still: best for everyone to change their password, like, right now.

From eBay's press release:

The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information

Of course, if you happened to do something dumb like use the same password for eBay and PayPal, well, then, you are screwed.

But when it comes to online security we're already so screwed that it's hard to know where to begin. On the most basic level, online giants like eBay, Facebook, Google and Amazon have collected vast amounts of data capturing aspects of every part of our life. Both willingly and unwillingly, these companies have handed over that data to U.S. government intelligence agencies. And on top of that, these companies are also routinely compromised by data breaches precipitated by unknown parties.

As I attempted to recall my eBay password this morning, it occurred to me that Chinese hackers and NSA spooks were more likely to know it than I was. This is an absurd state of affairs.

What can we do? Probably the first step, if you use PayPal to handle your transactions on eBay, is to enable two-factor authorization. But vigilantly inspecting your back account and credit card statements on a regular basis is also essential. Because there is no real security on the Internet. Your password is out there. Change it. And then change it again.


By Andrew Leonard

Andrew Leonard is a staff writer at Salon. On Twitter, @koxinga21.

MORE FROM Andrew Leonard


Related Topics ------------------------------------------

Cyberattack Ebay Ebay Cyberattack Online Security Password Passwords Security