Raising awareness quickly: The eBay data breach

Here's a quick breakdown on the situation that can be shared in-house

On Wednesday, eBay issued an advisory to users stating that passwords will need to be changed, after a database containing user information was compromised. When a company this large reports a security incident, it has the tendency to turn into a FUD-fueled news cycle.

In the event that people within your organization have questions, here's an overview of the incident, with some additional details you can use when discussing the situation.

How did this happen?

According to eBay, attackers compromised employee log-in credentials. This gave the attackers access to the corporate network and the systems on it.

As is the case with most attacks that result in credential theft, the attackers likely used a socially-based attack of some kind. The best bet is Phishing. However, eBay isn't discussing how the credentials were compromised, so it could be Phishing, or it could be malware. The public may never know.

When did this happen?

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CSO magazine today!