Customers Should Approach eBay With Caution

eBay reassured its users that financial information had not been compromised in its recent breach, but other information may prove to be frightening.

Jun 23, 2014 at 11:14AM

On Wednesday, May 21, cyberspace became a little over-crowded with unwelcome users. Cybercriminals logged into e-commerce giant eBay's (NASDAQ:EBAY) internal corporate account, gaining access to eBay's 145 million registered users' personal information. eBay is still continuing to work with law enforcement in a thorough investigation into the breach.

Is eBay's breach similar to Targets?
In December of 2013, Target (NYSE:TGT) faced a similar attack. And unfortunately for its shareholders, Target continues to feel the effects. Although eBay declares that financial information was not compromised as was the case with Target, eBay still experienced similarities to Targets data breach that should not be overlooked.

Shortly after the attack, Target learned that the hackers accessed more than originally assumed, including mailing and email addresses, phone numbers, names from roughly 70 million Target shoppers, and payment data from over 40 million payment-card members. 

Target is still facing the ramifications from this incident, which included total costs topping $200 million according to a report from Consumer Bankers Association.

Similarly, eBay reported that the cyber-criminals in the breach retrieved customer passwords, email addresses, physical addresses, phone numbers, and dates of birth.  However, while Target exposed pieces of information for 110 million customers, eBay left 145 million registered users, and potentially thousands of unregistered users, unprotected.

Should investors and consumers run from eBay?
While the exposed database did not include any financial data, it is extremely likely that many registered users use similar, if not the exact same, log-in information with PayPal. That detail alone puts eBay and its users at risk.

eBay, making its best efforts to avoid potential damage, urged consumers to immediately change their account passwords. According to the Wall Street Journal, the stolen passwords were encrypted, meaning that the passwords were presented in a jumbled manner, making the information incorrect and unusable unless unscrambled correctly by the hackers.

While it sounds like the encryption may have pulled eBay out of hot water, Target's experience proposes otherwise.

For example, following the breach, Target revealed to customers that their personal information was protected by the aforementioned encryption, and that the company had stored the keys to unlock the encryption. While this was a great idea for protection, Target used too basic of an algorithm, or process that follows calculations or other problem-solving techniques, to protect the information. The company used the standard algorithm known as 3DES.

Basically, Target's 3DES system is known for being weak in "brute-force attacks," which are when cyber-criminals use computers that enable them to use high speed guessing, resulting in more rapid success in deciphering the jumbled encryption.

Adobe Systems (NASDAQ: ADBE) also faced a data breach just a year ago which exposed encrypted information as well. Unfortunately for Adobe customers, the hackers bypassed the encryption and uncovered millions of customer passwords on Adobe within weeks.

Adobe also used the 3DES algorithm. 

Despite the circumstances, just one day after the breach was released to consumers, Adobe stock price actually rose. How could that be?

The answer: Adobe capitalized on incident management, which benefited Adobe as a result. Adobe alerted their consumers about the breach as quickly as possible, and also offered a years' worth of free credit monitoring through Experian, a large credit bureau, to those who were effected.

Roughly a year later, Adobe is thriving. Although sales are down 8% and net income has dropped 65% as a result of transitioning to a new business plan, it is what's underneath that proves fruitful for Adobe.

On June 17, Adobe reported that shares were up 8% in after-hours trading, reaching an all-time high market capitalization of $33.6 billion. It is likely that the recent decline in sales and net income come as a result of the transition, from selling desktop software for nearly $3,000, to offering subscriptions for its new software, "Creative Cloud" for just $50 per month. Although the recent transition has brought sudden declines, it is expected to produce long-term benefits for Adobe.   

 

eBay's Next Steps
Unless eBay protected its encryption with a more challenging algorithm, it is likely that eBay could suffer punishment similar to Adobe and Target. All eBay users, registered or not, should be weary of what new information may be presented as the investigation progresses.

Anup Ghosh, founder of the software company Invincea said, "Like a natural catastrophe, usually a low number of breached records is reported and, as the story unfolds, the number of compromises grows and grows." Ghosh also stated that hackers may use the stolen email addresses to probe users for more information, such as a personal question or a Social Security Numbers in attempts at identity theft. 

As of Tuesday, eBay shares have dropped 2.4% to $48.38.

Foolish Final Thoughts
eBay displayed what not to do in the event of a data breach. The company took days to post a notice about the breach on eBay.com, confused users as to whether their PayPal accounts had been affected as well, and many eBay users had never received an email notification warning them about the breach nor informing them to change their password.

Dave Kennedy, the CEO of security consultancy and breach response firm TrustedSec, said, "It just seems like their response has been complete disarray and disorganization. This is one of the worst responses I have seen in the past ten years from a company that's experienced a breach."

Investors should approach cautiously, as customers become more aware of the breach, their usage may become less frequent. eBay customers should also remain alert, and prepare themselves for grim news that may come next quarter.

You can't afford to miss this
"Made in China" -- an all too familiar phrase. But not for much longer: There's a radical new technology out there, one that's already being employed by the U.S. Air Force, BMW and even Nike. Respected publications like The Economist have compared this disruptive invention to the steam engine and the printing press; Business Insider calls it "the next trillion dollar industry." Watch The Motley Fool's shocking video presentation to learn about the next great wave of technological innovation, one that will bring an end to "Made In China" for good. Click here!

Jade Welsh has no position in any stocks mentioned. The Motley Fool recommends Adobe Systems and eBay. The Motley Fool owns shares of eBay. Try any of our Foolish newsletter services free for 30 days. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

1 Key Step to Get Rich

Our mission at The Motley Fool is to help the world invest better. Whether that’s helping people overcome their fear of stocks all the way to offering clear and successful guidance on complicated-sounding options trades, we can help.

Feb 1, 2016 at 4:54PM

To be perfectly clear, this is not a get-rich action that my Foolish colleagues and I came up with. But we wouldn't argue with the approach.

A 2015 Business Insider article titled, "11 websites to bookmark if you want to get rich" rated The Motley Fool as the #1 place online to get smarter about investing.

"The Motley Fool aims to build a strong investment community, which it does by providing a variety of resources: the website, books, a newspaper column, a radio [show], and [newsletters]," wrote (the clearly insightful and talented) money reporter Kathleen Elkins. "This site has something for every type of investor, from basic lessons for beginners to investing commentary on mutual funds, stock sectors, and value for the more advanced."

Our mission at The Motley Fool is to help the world invest better, so it's nice to receive that kind of recognition. It lets us know we're doing our job.

Whether that's helping the entirely uninitiated overcome their fear of stocks all the way to offering clear and successful guidance on complicated-sounding options trades, we want to provide our readers with a boost to the next step on their journey to financial independence.

Articles and beyond

As Business Insider wrote, there are a number of resources available from the Fool for investors of all levels and styles.

In addition to the dozens of free articles we publish every day on our website, I want to highlight two must-see spots in your tour of fool.com.

For the beginning investor

Investing can seem like a Big Deal to those who have yet to buy their first stock. Many investment professionals try to infuse the conversation with jargon in order to deter individual investors from tackling it on their own (and to justify their often sky-high fees).

But the individual investor can beat the market. The real secret to investing is that it doesn't take tons of money, endless hours, or super-secret formulas that only experts possess.

That's why we created a best-selling guide that walks investors-to-be through everything they need to know to get started. And because we're so dedicated to our mission, we've made that available for free.

If you're just starting out (or want to help out someone who is), go to www.fool.com/beginners, drop in your email address, and you'll be able to instantly access the quick-read guide ... for free.

For the listener

Whether it's on the stationary exercise bike or during my daily commute, I spend a lot of time going nowhere. But I've found a way to make that time benefit me.

The Motley Fool offers five podcasts that I refer to as "binge-worthy financial information."

Motley Fool Money features a team of our analysts discussing the week's top business and investing stories, interviews, and an inside look at the stocks on our radar. It's also featured on several dozen radio stations across the country.

The hosts of Motley Fool Answers challenge the conventional wisdom on life's biggest financial issues to reveal what you really need to know to make smart money moves.

David Gardner, co-founder of The Motley Fool, is among the most respected and trusted sources on investing. And he's the host of Rule Breaker Investing, in which he shares his insights into today's most innovative and disruptive companies ... and how to profit from them.

Market Foolery is our daily look at stocks in the news, as well as the top business and investing stories.

And Industry Focus offers a deeper dive into a specific industry and the stories making headlines. Healthcare, technology, energy, consumer goods, and other industries take turns in the spotlight.

They're all informative, entertaining, and eminently listenable ... and I don't say that simply because the hosts all sit within a Nerf-gun shot of my desk. Rule Breaker Investing and Answers contain timeless advice, so you might want to go back to the beginning with those. The other three take their cues from the market, so you'll want to listen to the most recent first. All are available at www.fool.com/podcasts.

But wait, there's more

The book and the podcasts – both free ... both awesome – also come with an ongoing benefit. If you download the book, or if you enter your email address in the magical box at the podcasts page, you'll get ongoing market coverage sent straight to your inbox.

Investor Insights is valuable and enjoyable coverage of everything from macroeconomic events to investing strategies to our analyst's travels around the world to find the next big thing. Also free.

Get the book. Listen to a podcast. Sign up for Investor Insights. I'm not saying that any of those things will make you rich ... but Business Insider seems to think so.


Compare Brokers