Ebay Lost 233 Million Accounts. Could It Be More Than Hackers?

In what could be the biggest security breach in history, Ebay may have lost personal data for 233 million accounts. Long story short – hackers got access to employees’ corporate network credentials, probably by phishing. They than accessed and extracted user data saved on Ebay databases, including addresses, date of birth, usernames, emails and passwords, which Ebay officials mentioned were encrypted. There is yet no report of hackers stealing credit card info from PayPal (an Ebay subsidiary).

A totally unrelated Ebay product

A totally unrelated Ebay product

Ebay was “quick”  to notify its users on the breach - it only took them three months to discover and communicate what could now be the largest cyber-attack on an American company.

Is there more to this security breach and others?

One can only notice the similarities between this breach and the one that previously put Target CEO out of job. In the previous biggest cyber-attack on an American company, Target lost personal data for more than 110 million of its customers, some of which included credit card info.

In the aftermath the company was heavily investigated by law enforcement as well as the secret service. The company hired a new CIO following the security breach, Bob DeRhodes, a former security analyst for the US Department of Homeland Security, US Department of Justice and the US Secretary of Defense.

The fact that Target customers’ credit card info later showed up on Russian underground forums, as well as involvement from national security specialists, points to something closer to cyber warfare than your everyday phishing.

There will be others

The shady practices employed by the NSA to gather intel have probably left the Internet a less secure place. If it weren’t for Heartbleed, a vulnerability the agency has allegedly kept secret, or other backdoors, tracked and harnessed in the interest of “national security” – probably Ebay wouldn’t report losing more than 200 million accounts today.

Now I’m not saying that some groups left american tech companies with heavy security gaps. And I’m not saying that some former agent / analyst of theirs is halfway across the globe in a country known for its history of espionage and overall unfriendliness toward US. But probably someone should say it.