EBay breach down to 'marketing outstripping security and laziness', says hacker

EBay's data breach that exposed the data of 122 million of its users is a sign that companies' marketing "has advanced far faster than the security", according to former hacker Jake Davis.

eBay: suffers data breach
eBay: suffers data breach

Dr Ian Brown, associate director of Oxford University's cyber security centre, believes the breach that exposed eBay users’ passwords once again raises the issue of what "kind of penalty would actually be meaningful to companies like Sony and eBay". 

Brown was referencing the £250,000 fine imposed by the Information Commissioner’s Office on Sony after its PlayStation network was breached.

Speaking on BBC Radio 4’s Today programme, former hacker Davis said he believes companies are currently not doing enough to prevent hacks out of "laziness" rather than monetary constraints.

He said: "I think it is more of an attention issue than a money one. A lot of these companies are hacked via means that hackers have been using since the 90s.

"The marketing of these companies has advanced far faster than the security just due to laziness."

Davis argues the issue could be sorted with a "simple meeting" where executives "sit down and map out their entire network: who has access to what and what parts of the website are important and secure them".

EBay is now asking users to change their passwords because of the cyber attack, which it insists has not compromised any financial data.

The company said that after conducting tests it has found "no evidence of any unauthorised access to financial or credit card information".

It appears the hackers tricked a small number of employees to give up their log-in credentials in a breach that happened in late February and early March.

The hackers gained access to eBay customers’ names, encrypted passwords, email addresses, physical addresses, phone numbers and date of birth. 

Raj Samani, chief technology officer of EMEA at McAfee, said: "The breach could have inadvertently compromised additional data, and there is no way of knowing who has this data, and what other scams it may be used for. 

"Therefore, it is imperative for consumers to be alert for emails asking for information, even if they already seem to know some personal details about them. In addition, it is important to track credit transactions for new accounts that they did not open."

Become a member of Campaign from just £51 a quarter

Get the very latest news and insight from Campaign with unrestricted access to campaignlive.co.uk , plus get exclusive discounts to Campaign events

Become a member

Looking for a new job?

Get the latest creative jobs in advertising, media, marketing and digital delivered directly to your inbox each day.

Create an alert now

Partner content