8 Lessons You Can Learn from the eBay Attack (That Stole Your Password)

by Jason Cipriani; Updated September 19, 2017

Passwords are something we should hold near and dear, yet it feels like every week there's a new hack to a popular service that puts us at risk. eBay is just the latest service to leak your information; here's what you need to know.

Hackers can make off with more than passwords

eBay has announced that it recently discovered that the database housing usernames, passwords, email addresses, physical addresses, phone numbers and dates of birth had been compromised by hackers.

The wealth of information that was compromised is disturbing. The passwords were encrypted, so it's unlikely hackers have access to your actual password. Everything else, however, was stored in plaintext -- so they have your name, address, and other details stored at eBay.

Related: Read the announcement posted on eBay's blog.

You should change your passwords

Anytime a site like eBay is hacked, you should change your password at that site.

Pick a strong password. Combine upper and lowercase letters with numbers and symbols when allowed. And most importantly, use a unique password for every single account you use (more on that in a minute).

And if you used that password on other sites, be sure to change the password at those other sites as well. Just to be safe.

Related: Click here to go directly to the My eBay site where you can change your password.

Salt and Hash protects your password

If you've read any techy news regarding hacks like the one at eBay, you might have heard the terms "Salt" and "Hash" when discussing the type of encryption used.

The terms don't reference some form of online cuisine. Instead, they describe an encryption process that makes it very difficult for hackers to turn an encrypted password into plain text. Passwords encrypted with this technology are pretty safe -- don't worry about criminals figuring out your password from the stolen data.

Related: You can read a more technical explanation of salt and hashing passwords on Scientopia.
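To make "salt and hash" concrete, here is an added example (not from the original article, and not eBay's actual scheme) of how a site can store and check a salted password hash. The PBKDF2 algorithm, the iteration count and the record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; higher makes each guess slower


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: 'iterations$salt_hex$hash_hex'."""
    salt = secrets.token_bytes(16)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        iter_s, salt_hex, hash_hex = stored.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record
    if iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def unsalted_sha256(password: str) -> str:
    """Weak contrast case: a plain hash with no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    pw = "Tr0ub4dor&3"  # constructed sample password
    # Without a salt, two users with the same password get the same hash,
    # so one precomputed lookup exposes both accounts.
    print(unsalted_sha256(pw) == unsalted_sha256(pw))  # True
    # With a per-user salt, the stored records differ even for equal passwords.
    alice, bob = hash_password(pw), hash_password(pw)
    print(alice == bob)                 # False
    print(verify_password(pw, alice))   # True
    print(verify_password("guess", alice))  # False
```
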

Make sure every site has its own password

Using a strong password is a must for any online service. But more importantly, using a different password for each service you use is paramount to keeping your information secure.

Shortly after eBay announced its database had been compromised, some Australian iPhone users woke up to locked devices and demands for payment before the device would be unlocked.

There's no apparent correlation between the breach and the ransom demands (yet), but it should serve as a reminder that when you use the same password for multiple services, hackers could have virtually limitless access to your online life.

Related: Read more about the iPhone ransom demands in Australia.

Use a password manager

The easiest way to ensure you not just create, but remember, complex passwords (since you are now using unique passwords, right?) is to use a password managing app.

A popular password managing app is 1Password. A suite of 1Password apps and browser extensions create and remember complex passwords for you. The apps even log you in with a quick key combination.

Other password managers include LastPass, Dashlane, and Roboform. Choose the one you like best.

Related: Read more about 1Password from AgileBits.

Make secure passwords with a generator

Using yet another app isn't for everyone. Should you decide you don't want to use a password manager (although you really, really should use one), you can use a password generator to come up with randomly created, very strong passwords for you.

Simply check some boxes marking the password criteria, and then click a button: A random string of characters will be spit out at you for you to memorize or record somewhere.

Related: Visit Secure Password Generator to create a new password, or get some new password advice.
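What such a generator does behind the checkboxes, as an added example that is not the code of any site named here: the function name, the symbol set and the default length are assumptions. It draws from the operating system's secure random source and guarantees at least one character from every selected class.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set; sites differ on what they accept


def generate_password(length=16, lower=True, upper=True, digits=True, symbols=True):
    """Return a random password containing every selected character class."""
    options = (
        (lower, string.ascii_lowercase),
        (upper, string.ascii_uppercase),
        (digits, string.digits),
        (symbols, SYMBOLS),
    )
    pools = [chars for enabled, chars in options if enabled]
    if not pools:
        raise ValueError("select at least one character class")
    if length < len(pools):
        raise ValueError("length is too short to include every selected class")

    # One character from each selected class, so the criteria are always met.
    picked = [secrets.choice(pool) for pool in pools]
    # Fill the rest from the combined alphabet.
    alphabet = "".join(pools)
    picked += [secrets.choice(alphabet) for _ in range(length - len(pools))]
    # Shuffle with the OS random source so the guaranteed characters
    # do not always sit at the front.
    secrets.SystemRandom().shuffle(picked)
    return "".join(picked)


if __name__ == "__main__":
    print(generate_password())                        # all four classes, 16 chars
    print(generate_password(12, symbols=False))       # for sites that reject symbols
```

The `secrets` module is used instead of `random` because `random` is predictable and not meant for passwords.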

Make sites hard to crack with 2FA

In addition to unique, complex passwords, you should graduate to two-factor (or two-step) authentication, sometimes abbreviated 2FA. Popular services such as Dropbox, Facebook, Twitter, Google, and Apple all use some form of the service. Your financial institutions might, as well.

Here's how it works: After entering your username and password, you're then sent a short code (usually via a text message) which is also required to gain access to your account.

The extra step makes it nearly impossible for hackers to gain access to your account, even with your current password.

Related: Read more about why two-step authentication is no longer an option on The New York Times.

It's not a question of if, but when (again)

Database leaks and breaches are simply a fact of your digital life now. Hackers will continue to gain access to your personal information.

The only thing you can do to help minimize any potential damage it can cause in your life is to stop using the same password across all of your accounts. Use a password managing app, or at the very least a random password generator. And last but not least, stay on top of regularly changing your passwords.

Related: Forbes offers some terrific advice for dealing not only with the eBay breach, but any hack.

About the Author

Jason Cipriani has been a technology writer since 2009. He offers daily tech tips on CNET, reviews new products on TechdadReview.com, serves as a weekly contributor to the "Pueblo Chieftain" newspaper and covers tech-related topics for "PULP" magazine.

Photo Credits

  • Sean Gallup/Getty Images News/Getty Images