Three months ago, 145 million accounts were compromised within the eBay database during operation Heartbleed. On July 23, 2014 another 1000 accounts were hacked. Just today the company received another black out solidifying this as the 10th running major outage this year. The auction monster giant that is our household bargaining site, suffered major setbacks of late, which leads us to question… how safe we are using this “household brand”?
Our details were exposed and presented on a silver plate to a group of to criminal masterminds instigating operation Heartbleed. Heartbleed.com explains the definition of the program to be a bug,
“Bug is in the OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.”
And how does this differ from other bugs? Why couldn’t eBay - claimed to have outstanding proficient security systems in place to protect all traders and buyers - put a stop to this and protect us, the users?
When asked to state the uniqueness of this particular hack, heartbleed.com explains “Bugs in single software or library come and go and are fixed by new versions. However this bug has left large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure”
eBay was subsequently subjected to a series of investigations from the U.S and the U.K. and as a result they heightened security measures. Which leads to our next question: if eBay really is aware of the recent hacking events in May - with their proclaimed exceptional safety policies - how is it that 1000 accounts were hacked on just two months later in July? An argument into this also ignites users to question the timing of eBay’s latest innovative way to link PayPal accounts with eBay shopping baskets so one click is all that is necessary to purchase items. This means that PayPal is left open when logging into eBay. Shortly following this ease of access revolution, Heartbleed penetrated the mainframe.
Last month, eBay collaborating outlet Stubhub revealed cybercriminals successfully compromised over 1,000 accounts which were then used to make illegal purchases. This resulted in more emails to us, the public, with yet again another polite request to change our passwords.
“Furious eBay sellers demand compensation” says The Telegraph yesterday as yet another slip up takes the company down the road of turmoil, The Independent this morning says “users experienced problems accessing eBay in Europe from 08.55am BST until approximately 12.40pm” as this now becomes the 10th time just this year alone. The cost damage to those affected are yet to be released, eBay also faces a 5 million lawsuit which is yet to be ruled.
Angry customers are complaining that yet again we are being asked to change our passwords when loyal customers have had accounts older than 10-15 years, who now have new telephone numbers and email addresses which are the two primary security verifications used with the usual memorable secret security question.
Others say they are happy to change passwords although what for if the security systems in place cannot protect us?
Some people’s views are that any system in the world can be hacked, as new security networks are enforced, hackers work around the clock worldwide to crack them. And it’s simply unfortunate that a company which strives to be the safest is the one who was the target.
How do you feel about all this?