8 Lessons You Can Learn from the eBay Attack (That Stole Your Password)
By Jason Cipriani
Updated September 19, 2017
Passwords are something we should hold near and dear, yet it feels like every week there's a new hack to a popular service that puts us at risk. eBay is just the latest service to leak your information; here's what you need to know.
Hackers can make off with more than passwords
eBay has announced it had recently discovered the database that housed usernames, passwords, email addresses, physical addresses, phone numbers and date of births has been compromised by hackers.
The wealth of information that was compromised is disturbing. The passwords were encrypted, so it's unlikely hackers have access to your actual password. Everything else, however was stored in plaintext -- so they have your name, address, and other details stored at eBay.
You should change your passwords
Anytime a site like eBay is hacked, you should change your password at that site.
Pick a strong password. Combine upper and lowercase letters with numbers and symbols when allowed. And most importantly, use a unique password for every single account you use (more on that in a minute).
And if you used that password on other sites, be sure to change the password at those other sites as well. Just to be safe.
Salt and Hash protects your password
If you've read any techy news regarding hacks like the one at eBay, you might have heard the terms "Salt" and "Hash" when discussing the type of encryption used.
The terms don't reference some form of online cuisine. Instead, they describe an encryption process that makes it very difficult for hackers to turn an encrypted password into plain text. Passwords encrypted with this technology is pretty safe -- don't worry about criminals figuring out your password from the stolen data.
Make sure every site has its own password
Using a strong password is a must for any online service. But more importantly, using a different password for each service you use is paramount to keeping your information secure.
Shortly after eBay announced its database had been compromised, some Australian iPhone users woke up to locked devices and demands for payment before the device would be unlocked.
There's no apparent correlation between the breach and the ransom demands (yet), but it should serve as a reminder when you use the same password for multiple services, hackers could have virtually limitless access to your online life.
Use a password manager
The easiest way to ensure you not just create, but remember, complex passwords (since you are now using unique passwords, right?) is to use a password managing app.
A popular password managing app is 1Password. A suite of 1Password apps and browser extensions create and remember complex passwords for you. The apps even log you in with a quick key combination.
Other password managers include LastPass, Dashlane, and Roboform. Choose the one you like best.
Make secure passwords with a generator
Using yet another app isn't for everyone. Should you decide you don't want to use a password manager (although you really, really should use one), you can use a password generator to come up with randomly created, very strong passwords for you.
Simply check some boxes marking the password criteria, and then click a button: A random string of characters will be spit out at you for you to memorize or record somewhere.
Make sites hard to crack with 2FA
In addition to unique, complex passwords, you should graduate to two-factor (or two-step) authentication, sometimes abbreviated 2FA. Popular services such as Dropbox, Facebook, Twitter, Google, and Apple all use some form of the service. Your financial institutions might, as well.
Here's how it works: After entering your username and password, you're then sent a short code (usually via a text message) which is also required to gain access to your account.
The extra step makes it nearly impossible for hackers to gain access to your account, even with your current password.
It's not a question of if, but when (again)
Database leaks and breaches are simply a fact of your digital life now. Hackers will continue to gain access to your personal information.
The only thing you can do to help minimize any potential damage it can cause in your life is to stop using the same password across all of your accounts. Use a password managing app, or at the very least a random password generator. And last but not least, stay on top of regularly changing your passwords.
Jason Cipriani has been a technology writer since 2009. He offers daily tech tips on CNET, reviews new products on TechdadReview.com, serves as a weekly contributor to the "Pueblo Chieftain" newspaper and covers tech-related topics for "PULP" magazine.