Customers Should Approach eBay With Caution

eBay reassured its users that financial information had not been compromised in its recent breach, but other information may prove to be frightening.

Jun 23, 2014 at 11:14AM

On Wednesday, May 21, cyberspace became a little over-crowded with unwelcome users. Cybercriminals logged into e-commerce giant eBay's (NASDAQ:EBAY) internal corporate account, gaining access to eBay's 145 million registered users' personal information. eBay is still continuing to work with law enforcement in a thorough investigation into the breach.

Is eBay's breach similar to Targets?
In December of 2013, Target (NYSE:TGT) faced a similar attack. And unfortunately for its shareholders, Target continues to feel the effects. Although eBay declares that financial information was not compromised as was the case with Target, eBay still experienced similarities to Targets data breach that should not be overlooked.

Shortly after the attack, Target learned that the hackers accessed more than originally assumed, including mailing and email addresses, phone numbers, names from roughly 70 million Target shoppers, and payment data from over 40 million payment-card members. 

Target is still facing the ramifications from this incident, which included total costs topping $200 million according to a report from Consumer Bankers Association.

Similarly, eBay reported that the cyber-criminals in the breach retrieved customer passwords, email addresses, physical addresses, phone numbers, and dates of birth.  However, while Target exposed pieces of information for 110 million customers, eBay left 145 million registered users, and potentially thousands of unregistered users, unprotected.

Should investors and consumers run from eBay?
While the exposed database did not include any financial data, it is extremely likely that many registered users use similar, if not the exact same, log-in information with PayPal. That detail alone puts eBay and its users at risk.

eBay, making its best efforts to avoid potential damage, urged consumers to immediately change their account passwords. According to the Wall Street Journal, the stolen passwords were encrypted, meaning that the passwords were presented in a jumbled manner, making the information incorrect and unusable unless unscrambled correctly by the hackers.

While it sounds like the encryption may have pulled eBay out of hot water, Target's experience proposes otherwise.

For example, following the breach, Target revealed to customers that their personal information was protected by the aforementioned encryption, and that the company had stored the keys to unlock the encryption. While this was a great idea for protection, Target used too basic of an algorithm, or process that follows calculations or other problem-solving techniques, to protect the information. The company used the standard algorithm known as 3DES.

Basically, Target's 3DES system is known for being weak in "brute-force attacks," which are when cyber-criminals use computers that enable them to use high speed guessing, resulting in more rapid success in deciphering the jumbled encryption.

Adobe Systems (NASDAQ: ADBE) also faced a data breach just a year ago which exposed encrypted information as well. Unfortunately for Adobe customers, the hackers bypassed the encryption and uncovered millions of customer passwords on Adobe within weeks.

Adobe also used the 3DES algorithm. 

Despite the circumstances, just one day after the breach was released to consumers, Adobe stock price actually rose. How could that be?

The answer: Adobe capitalized on incident management, which benefited Adobe as a result. Adobe alerted their consumers about the breach as quickly as possible, and also offered a years' worth of free credit monitoring through Experian, a large credit bureau, to those who were effected.

Roughly a year later, Adobe is thriving. Although sales are down 8% and net income has dropped 65% as a result of transitioning to a new business plan, it is what's underneath that proves fruitful for Adobe.

On June 17, Adobe reported that shares were up 8% in after-hours trading, reaching an all-time high market capitalization of $33.6 billion. It is likely that the recent decline in sales and net income come as a result of the transition, from selling desktop software for nearly $3,000, to offering subscriptions for its new software, "Creative Cloud" for just $50 per month. Although the recent transition has brought sudden declines, it is expected to produce long-term benefits for Adobe.   


eBay's Next Steps
Unless eBay protected its encryption with a more challenging algorithm, it is likely that eBay could suffer punishment similar to Adobe and Target. All eBay users, registered or not, should be weary of what new information may be presented as the investigation progresses.

Anup Ghosh, founder of the software company Invincea said, "Like a natural catastrophe, usually a low number of breached records is reported and, as the story unfolds, the number of compromises grows and grows." Ghosh also stated that hackers may use the stolen email addresses to probe users for more information, such as a personal question or a Social Security Numbers in attempts at identity theft. 

As of Tuesday, eBay shares have dropped 2.4% to $48.38.

Foolish Final Thoughts
eBay displayed what not to do in the event of a data breach. The company took days to post a notice about the breach on, confused users as to whether their PayPal accounts had been affected as well, and many eBay users had never received an email notification warning them about the breach nor informing them to change their password.

Dave Kennedy, the CEO of security consultancy and breach response firm TrustedSec, said, "It just seems like their response has been complete disarray and disorganization. This is one of the worst responses I have seen in the past ten years from a company that's experienced a breach."

Investors should approach cautiously, as customers become more aware of the breach, their usage may become less frequent. eBay customers should also remain alert, and prepare themselves for grim news that may come next quarter.

You can't afford to miss this
"Made in China" -- an all too familiar phrase. But not for much longer: There's a radical new technology out there, one that's already being employed by the U.S. Air Force, BMW and even Nike. Respected publications like The Economist have compared this disruptive invention to the steam engine and the printing press; Business Insider calls it "the next trillion dollar industry." Watch The Motley Fool's shocking video presentation to learn about the next great wave of technological innovation, one that will bring an end to "Made In China" for good. Click here!

Jade Welsh has no position in any stocks mentioned. The Motley Fool recommends Adobe Systems and eBay. The Motley Fool owns shares of eBay. Try any of our Foolish newsletter services free for 30 days. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

4 in 5 Americans Are Ignoring Buffett's Warning

Don't be one of them.

Jun 12, 2015 at 5:01PM

Admitting fear is difficult.

So you can imagine how shocked I was to find out Warren Buffett recently told a select number of investors about the cutting-edge technology that's keeping him awake at night.

This past May, The Motley Fool sent 8 of its best stock analysts to Omaha, Nebraska to attend the Berkshire Hathaway annual shareholder meeting. CEO Warren Buffett and Vice Chairman Charlie Munger fielded questions for nearly 6 hours.
The catch was: Attendees weren't allowed to record any of it. No audio. No video. 

Our team of analysts wrote down every single word Buffett and Munger uttered. Over 16,000 words. But only two words stood out to me as I read the detailed transcript of the event: "Real threat."

That's how Buffett responded when asked about this emerging market that is already expected to be worth more than $2 trillion in the U.S. alone. Google has already put some of its best engineers behind the technology powering this trend. 

The amazing thing is, while Buffett may be nervous, the rest of us can invest in this new industry BEFORE the old money realizes what hit them.

KPMG advises we're "on the cusp of revolutionary change" coming much "sooner than you think."

Even one legendary MIT professor had to recant his position that the technology was "beyond the capability of computer science." (He recently confessed to The Wall Street Journal that he's now a believer and amazed "how quickly this technology caught on.")

Yet according to one J.D. Power and Associates survey, only 1 in 5 Americans are even interested in this technology, much less ready to invest in it. Needless to say, you haven't missed your window of opportunity. 

Think about how many amazing technologies you've watched soar to new heights while you kick yourself thinking, "I knew about that technology before everyone was talking about it, but I just sat on my hands." 

Don't let that happen again. This time, it should be your family telling you, "I can't believe you knew about and invested in that technology so early on."

That's why I hope you take just a few minutes to access the exclusive research our team of analysts has put together on this industry and the one stock positioned to capitalize on this major shift.

Click here to learn about this incredible technology before Buffett stops being scared and starts buying!

David Hanson owns shares of Berkshire Hathaway and American Express. The Motley Fool recommends and owns shares of Berkshire Hathaway, Google, and Coca-Cola.We Fools don't all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

©1995-2014 The Motley Fool. All rights reserved. | Privacy/Legal Information