Ebay Lost 233 Million Accounts. Could It Be More Than Hackers?

In what could be the biggest security breach in history, Ebay may have lost personal data for 233 million accounts. Long story short – hackers got access to employees’ corporate network credentials, probably by phishing. They than accessed and extracted user data saved on Ebay databases, including addresses, date of birth, usernames, emails and passwords, which Ebay officials mentioned were encrypted. There is yet no report of hackers stealing credit card info from PayPal (an Ebay subsidiary).

A totally unrelated Ebay product
A totally unrelated Ebay product

Ebay was “quick”  to notify its users on the breach – it only took them three months to discover and communicate what could now be the largest cyber-attack on an American company.

Is there more to this security breach and others?

One can only notice the similarities between this breach and the one that previously put Target CEO out of job. In the previous biggest cyber-attack on an American company, Target lost personal data for more than 110 million of its customers, some of which included credit card info.

In the aftermath the company was heavily investigated by law enforcement as well as the secret service. The company hired a new CIO following the security breach, Bob DeRhodes, a former security analyst for the US Department of Homeland Security, US Department of Justice and the US Secretary of Defense.

The fact that Target customers’ credit card info later showed up on Russian underground forums, as well as involvement from national security specialists, points to something closer to cyber warfare than your everyday phishing.

There will be others

The shady practices employed by the NSA to gather intel have probably left the Internet a less secure place. If it weren’t for Heartbleed, a vulnerability the agency has allegedly kept secret, or other backdoors, tracked and harnessed in the interest of “national security” – probably Ebay wouldn’t report losing more than 200 million accounts today.

Now I’m not saying that some groups left american tech companies with heavy security gaps. And I’m not saying that some former agent / analyst of theirs is halfway across the globe in a country known for its history of espionage and overall unfriendliness toward US. But probably someone should say it.

 

Target CEO Resigns Over Security Breach. Gets Paid Millions to Leave.

Last year american retailer Target was the victim of a security breach. The hack compromised personal data for over 110 million customers. What is now known to be one of the biggest security breach in corporate history has not left the company unscathed.

The Backstory

target-storesOn December 13th, 2013, Target executives meet with the US Justice Department. The reason: discussing a hack that exposed credit and debit card data for over 40 million customers. On December 18th security analyst  Brian Krebs breaks the news. The Secret Service is involved and Target gets investigated.

On Dec. 27, 2013 word’s out that PIN numbers for the stolen cards were accessed. Target acknowledges PIN’s were accessed but says they were not decrypted. Meanwhile Russian forums get flooded with millions of credit cards.

And then it gets worse: Target declares an additional 70 million customers were affected by the security breach. The company reveals poor Holiday sales. Lays off 475 employees and reports costs associated with the data loss topping $200 million.

Fortunately, employees get to wear jeans and polo shirts.

The breach left Target in a disastrous situation as profits dropped 46% in the last quarter (-$440 million), compared to the year before.

First the CIO, now the CEO

After the blast, some heads were sure to fall. First was CIO Beth Jacob, the obvious … target. To show it means business, the company brought Bob DeRodes on board, as new CIO and executive VP. DeRodes, 63, started on May 5th and now oversees the adoption of secure technology, with the help of $100 million worth of tech investments.

The new CIO is a tech security veteran, his previous endeavors including being a senior IT advisor for some organizations you might have heard of: the US Department of Homeland Security, US Department of Justice and the US Secretary of Defense.

gregg-steinhafel
Gregg Steinhafel

But that was not enough. Chairman, President and CEO Gregg Steinhafel announced his resignation. The breach left both Steinhafel and the company in a vulnerable position. 

The company announced the parts have reached a settlement that will probably allow the ex-CEO to walk out with over $11.7 million salary and incentive pay. Not bad for a CEO leaving a company that lost $941 million in its Canadian 2013 expansion, is under heavy fire from Amazon and Walmart and was just exposed to the biggest card robbery in history.

But than again, the man did work for Target for the past 35 years.