99 per cent of companies have employees who use eBay, and therefore their companies could be at risk.
According to research from Skyhigh Networks, the average Fortune 2000 Company has approximately 15,800 employees using eBay and as employees access the website from work, this could have significant security consequences for business.
Charlie Howe, Skyhigh Networks EMEA director, said that a breach which affects 145 million people has to have an impact on businesses, who need to realise that it is not just about personal accounts.
“Most eBay users do visit the service exclusively for personal reasons, and are unlikely to store sensitive corporate data within the service, which means that the impact of this breach in terms of corporate security will be dismissed by many,” he said.
“It’s a dangerous game to play, however, especially since many people will fail to heed eBay’s warnings and change their passwords.
Howe said that employees will often use the same password across several cloud services and with passwords re-used; I asked how many employees are using the same password on eBay as they are on their corporate cloud services?
“I’d say it’s pretty high, a certainty almost. This is critical because it means that hackers can use eBay credentials to guess login and password information of other corporate cloud services where data sensitivity may represent a far greater risk to the organisation.”
Paul Ayers, VP EMEA at enterprise data security firm Vormetric, said: “In the case of the breach at eBay, the cyber criminals have targeted a database containing eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.
“Enterprise databases are a rich seam of valuable data for hackers and the route to this data is often via users that have the appropriate access rights and network privileges. Even though a portion of it was encrypted, it appears a good deal was not and it is this kind of personal information which is often used by criminals to launch further attacks.”
