He has explained for Softpedia that hackers are more opportunistic these days and choose to simply exploit the “IT equivalent of an open window in an otherwise locked building,” weak passwords, staff information that’s easy to obtain, and open wireless network connections.
Galindo mentions that while reports so far have indicated that the hacking incident was facilitated by the lax employee data security, there could be more to the story, varying from weak and easily discoverable passwords to exploitation of insecure network devices in order to breach a system without raising any red flags.
Unfortunately, eBay won’t be the last company to fall prey to hack attacks that exploit the weak employee security practices, but this can serve as a learning point for any business.
Regular password changes can be a solution, as well as the reeducation of the staff about the real risks associated with keeping passwords jotted down on a piece of paper that’s left around for anyone to find.
145 million accounts have been affected by the eBay hack that took place between late February and early March. Email addresses, passwords, and personal information have been stolen, but the passwords are supposed to be encrypted and there’s no indication thus far that the security layer was broken.