Customers Should Approach eBay With Caution

On Wednesday, May 21, cyberspace became a little over-crowded with unwelcome users. Cybercriminals logged into e-commerce giant eBay's (NASDAQ: EBAY  ) internal corporate account, gaining access to eBay's 145 million registered users' personal information. eBay is still continuing to work with law enforcement in a thorough investigation into the breach.

Is eBay's breach similar to Targets?
In December of 2013, Target (NYSE: TGT  ) faced a similar attack. And unfortunately for its shareholders, Target continues to feel the effects. Although eBay declares that financial information was not compromised as was the case with Target, eBay still experienced similarities to Targets data breach that should not be overlooked.

Shortly after the attack, Target learned that the hackers accessed more than originally assumed, including mailing and email addresses, phone numbers, names from roughly 70 million Target shoppers, and payment data from over 40 million payment-card members. 

Target is still facing the ramifications from this incident, which included total costs topping $200 million according to a report from Consumer Bankers Association.

Similarly, eBay reported that the cyber-criminals in the breach retrieved customer passwords, email addresses, physical addresses, phone numbers, and dates of birth.  However, while Target exposed pieces of information for 110 million customers, eBay left 145 million registered users, and potentially thousands of unregistered users, unprotected.

Should investors and consumers run from eBay?
While the exposed database did not include any financial data, it is extremely likely that many registered users use similar, if not the exact same, log-in information with PayPal. That detail alone puts eBay and its users at risk.

eBay, making its best efforts to avoid potential damage, urged consumers to immediately change their account passwords. According to the Wall Street Journal, the stolen passwords were encrypted, meaning that the passwords were presented in a jumbled manner, making the information incorrect and unusable unless unscrambled correctly by the hackers.

While it sounds like the encryption may have pulled eBay out of hot water, Target's experience proposes otherwise.

For example, following the breach, Target revealed to customers that their personal information was protected by the aforementioned encryption, and that the company had stored the keys to unlock the encryption. While this was a great idea for protection, Target used too basic of an algorithm, or process that follows calculations or other problem-solving techniques, to protect the information. The company used the standard algorithm known as 3DES.

Basically, Target's 3DES system is known for being weak in "brute-force attacks," which are when cyber-criminals use computers that enable them to use high speed guessing, resulting in more rapid success in deciphering the jumbled encryption.

Adobe Systems (NASDAQ: ADBE) also faced a data breach just a year ago which exposed encrypted information as well. Unfortunately for Adobe customers, the hackers bypassed the encryption and uncovered millions of customer passwords on Adobe within weeks.

Adobe also used the 3DES algorithm. 

Despite the circumstances, just one day after the breach was released to consumers, Adobe stock price actually rose. How could that be?

The answer: Adobe capitalized on incident management, which benefited Adobe as a result. Adobe alerted their consumers about the breach as quickly as possible, and also offered a years' worth of free credit monitoring through Experian, a large credit bureau, to those who were effected.

Roughly a year later, Adobe is thriving. Although sales are down 8% and net income has dropped 65% as a result of transitioning to a new business plan, it is what's underneath that proves fruitful for Adobe.

On June 17, Adobe reported that shares were up 8% in after-hours trading, reaching an all-time high market capitalization of $33.6 billion. It is likely that the recent decline in sales and net income come as a result of the transition, from selling desktop software for nearly $3,000, to offering subscriptions for its new software, "Creative Cloud" for just $50 per month. Although the recent transition has brought sudden declines, it is expected to produce long-term benefits for Adobe.   

 

eBay's Next Steps
Unless eBay protected its encryption with a more challenging algorithm, it is likely that eBay could suffer punishment similar to Adobe and Target. All eBay users, registered or not, should be weary of what new information may be presented as the investigation progresses.

Anup Ghosh, founder of the software company Invincea said, "Like a natural catastrophe, usually a low number of breached records is reported and, as the story unfolds, the number of compromises grows and grows." Ghosh also stated that hackers may use the stolen email addresses to probe users for more information, such as a personal question or a Social Security Numbers in attempts at identity theft. 

As of Tuesday, eBay shares have dropped 2.4% to $48.38.

Foolish Final Thoughts
eBay displayed what not to do in the event of a data breach. The company took days to post a notice about the breach on eBay.com, confused users as to whether their PayPal accounts had been affected as well, and many eBay users had never received an email notification warning them about the breach nor informing them to change their password.

Dave Kennedy, the CEO of security consultancy and breach response firm TrustedSec, said, "It just seems like their response has been complete disarray and disorganization. This is one of the worst responses I have seen in the past ten years from a company that's experienced a breach."

Investors should approach cautiously, as customers become more aware of the breach, their usage may become less frequent. eBay customers should also remain alert, and prepare themselves for grim news that may come next quarter.

You can't afford to miss this
"Made in China" -- an all too familiar phrase. But not for much longer: There's a radical new technology out there, one that's already being employed by the U.S. Air Force, BMW and even Nike. Respected publications like The Economist have compared this disruptive invention to the steam engine and the printing press; Business Insider calls it "the next trillion dollar industry." Watch The Motley Fool's shocking video presentation to learn about the next great wave of technological innovation, one that will bring an end to "Made In China" for good. Click here!


Read/Post Comments (3) | Recommend This Article (2)

Comments from our Foolish Readers

Help us keep this a respectfully Foolish area! This is a place for our readers to discuss, debate, and learn more about the Foolish investing topic you read about above. Help us keep it clean and safe. If you believe a comment is abusive or otherwise violates our Fool's Rules, please report it via the Report this Comment Report this Comment icon found on every comment.

  • Report this Comment On June 23, 2014, at 3:10 PM, NetAnaylyst wrote:

    Well before the HACKING event was mishandled so terribly by eBay top brass, Icahn had astutely pointed out that eBay has "the worst corporate governance that I have ever seen" and observed that CEO Donahoe was "either asleep at the wheel or blind". The performance of eBay stock the past few weeks is very revealing as to the level of confidence that eBay's corporate elite are able to inspire.

  • Report this Comment On June 23, 2014, at 3:57 PM, OldeKingTroll wrote:

    Brother, Icahn said a mouthful.

  • Report this Comment On June 24, 2014, at 7:17 AM, PhilipCohen wrote:

    Certainly, Customers Should Approach eBay With Caution ...

    eBay’s Massive Fraud on Buyers at Auction

    The fundamental fraud by eBay on consumers is eBay's demonstrably false claim to have “sophisticated and proactive” systems in place to control shill bidding fraud. Clearly, eBay has no such systems in place, and such a claim is therefore a "false representation for the purpose of making a gain” and that is effectively criminal fraud on eBay users, a deliberate and outrageous deception on eBay’s great many trusting users, leading those users to believe that the warm woolly coats on their backs are safe when, in fact, eBay is leading them into the shearing shed where eBay’s wolves are laying in wait. Indeed, eBay has been tacitly aiding and abetting, and effectively encouraging such criminal wire fraud activity since the year dot, and more so since eBay’s Johnny Ho introduced the additional anonymity for bidding IDs in 2008, for no other reason than to further obscure the demonstrably endemic shill bidding fraud from which eBay profits handsomely …

    http://www.ecommercebytes.com/forums/vbulletin/showthread.ph...

    And it also says a lot about the laziness, or corruption, of the regulatory authorities that no action has been taken even to stop, let alone to prosecute eBay for, this demonstrable, ongoing, massive, wire fraud on consumers …

    Nevertheless, eBay is an Equal Opportunity Fraudster

    eBay may appear to be biased in favour of buyers, when it suits their purpose, but it’s nigh impossible to keep a track of all the deviousness and unscrupulousness, or the criminal activity, of eBay Inc.; their unprincipled activities are so pervasive; one can only generalize and describe eBay as an “equal opportunity fraudster”: they themselves will defraud, or will tacitly, and explicitly (McFadden/eDropOff), aid and abet others to defraud, whoever they can, whenever they can—as long as there is a gain in it for eBay. eBay is probably the most unscrupulous commercial entity on the planet; eBay is, demonstrably, the greatest calculated facilitator of the most massive, endemic, auction fraud on consumers that the world is ever likely to know and, doubtless, there will be a trickle down effect of like criminal activity to their other operations. Ultimately, anyone that does any form of business with eBay, or any of its subsidiaries, eg “PreyPal”, does so at their constant peril …

    eBay Inc, where the incompetent mingle with the malevolent and the outright criminal, and the just plain stupid ...

    http://www.ecommercebytes.com/forums/vbulletin/showthread.ph...

Add your comment.

Sponsored Links

Leaked: Apple's Next Smart Device
(Warning, it may shock you)
The secret is out... experts are predicting 458 million of these types of devices will be sold per year. 1 hyper-growth company stands to rake in maximum profit - and it's NOT Apple. Show me Apple's new smart gizmo!

DocumentId: 3004204, ~/Articles/ArticleHandler.aspx, 10/24/2014 9:49:46 AM

Report This Comment

Use this area to report a comment that you believe is in violation of the community guidelines. Our team will review the entry and take any appropriate action.

Sending report...


Advertisement