The eBay password mess rolls on it seems, after being quiet for about a week while this story was making the news, front page of papers, TV & radio and wherever, eBay have finally made the users change their passwords. In this case its too little too late, the passwords are the least of your worries if the attackers got there hands on everything else eBay has on you. Now a story from the Daily Mail in the UK is hinting at eBay UK’s possible fine from the Information Commissioner could only amount to roughly 2p per customer which would take about 0.0002% of eBays tax dodging profits away… (await the increase in fees to cover it)
Whatever the size of the fine it won’t be paid by eBay, 12.5% FVF should solve that little problem.
– Everyone it seems…
Internet auction site eBay may only face a £500,000 fine despite one of the biggest cyber attacks experienced by British consumers.
The penalty, which is the limit that can be imposed by the Information Commissioner’s Office, would amount to just 2p for each of the 18million users in Britain and 0.00002 per cent of the company’s global annual turnover.
The email, home addresses, passwords, phone numbers and birth dates of every eBay account holder – 233 million worldwide – are now in the hands of hackers who can pass them on to other criminals.
A message on the eBay Inc homepage yesterday urged customers to change their passwords in the wake of one of the biggest cyber attacks in history
Customers were urged to change their account details after the breach, but the site received another technological setback overnight because of a dramatic increase in traffic, meaning users could not change their passwords.
Online purhcases make up around one fifth of all credit card spends in the UK and consumers are expected to spend £107billion online this year.
- Why did eBay take THREE MONTHS to reveal cyber attack? Website blasted for ‘inexcusable’ delay after customers details were hacked as long ago as February
- Britain’s biggest handbag thief: Housewife who stole 900 designer handbags – almost one a day for three years – must pay back thousands she stole or face jail
The British Information Commissioner’s Office said it was monitoring the situation and may be forced to investigate if British details are leaked, used and purchased by criminals.
The body can hand out fines of up to £500,000 to bodies that breach the UK Data Protection Act.
The most they have issued is £325,000, to Brighton & Sussex University Hospitals NHS Trust, but also handed a £250,000 fine to Sony.
Christopher Graham, the Information Commissioner, said: ‘On the face of it, this is a very serious breach.
‘What we can be sure about is that if there has been a breach of the UK data protection act, we’ll act firmly.
‘This needs to be a wake-up call to all of us. It shows consumers the importance of having different, strong passwords for different online services.
‘It’s a wake-up call to government that the 20-year-old data protection laws are showing their age.
‘But most of all it’s a wake up to businesses. Cyber crime is real. Hacking is real. Responsible companies have got to act to keep their customer information safe, and if they don’t, they’ll find they’re not just in trouble with the Information Commissioner, but they’re in trouble with customers too.
The cyber attack on eBay took place in February and was undetected for around two months, giving hackers access to personal information and other non-financial data.
Even though customers were asked to reset their passwords, the breach gave intruders access to other information, which is far harder to change.
The company said it is trying to fix the problem and is sending millions of emails to customers in a bid to resolve the issue
Alan Woodward, a cybersecurity expert from the University of Surrey said the stolen data will already be available for purchase on the Black Market and will be sold for low prices.
He said it will have been uploaded to ‘dark corners’ of the internet and customers will not be able to retrieve it.
He told Mail Online: ‘The personal details will now be on the Black Market and you will not be able to get it back.
‘The cyber-criminal market has become so widespread that information is very cheap. You can now buy credit card details for pennies.
‘Criminals can get someones name, address, date of birth, email and passwords for as little as £10.
‘There have been so many hacks now that the market has depressed for the last two years.’
He also urged customers to use strong passwords by shying away from words in the dictionary.
‘That is one of the techniques hackers use,’ he added. ‘When setting up an account you have to ask yourself: “Why do corporations need this data?”
‘For example, dates of birth are very valuable to cybercriminals, so lie.’
Alastair Paterson, the chief executive of Digital Shadows, a company specialising in cyber security, said online criminals were advertising ‘teasers’ containing names, date of births and phone numbers to potential buyers, who could then purchase the rest of the data.
Advocates of traditional high street shopping have seized on the data breach as a reason to favour bricks-and-mortar shopping.
High Streets Minister Brandon Lewis said: ‘The internet has revolutionised the way we shop, increasing choice and competition to the benefit of customers.
‘Town centres need to adapt to survive – such as adopting “click and collect” services.
‘But the cyber-attack on eBay reminds us of the need for internet security and for consumers to be careful about their passwords. This isn’t a problem that people have to think about when they shop on the high street’.