IT for Donuts: how to stay safe after the eBay breach


Date: 23 May 2014

eBay logo{{}}IT for Donuts is a regular Friday feature where we explain a tech term or answer a question about business IT.

In the wake of eBay's enormous security breach, this week we look at what you can do to protect yourself and your business.

The eBay security breach

On Wednesday, ecommerce giant eBay revealed it has suffered a security breach of gigantic proportions.

Cyberattackers compromised the company's user database and accessed key customer details. These include names, post and email addresses, encrypted passwords and dates of birth.

This information could be used to carry out identity theft, access users' other online accounts — and generally wreak havoc.

So, if you're an eBay customer, what should you do? And what precautions can keep you safe from similar attacks in future?

1. Change your passwords

For starters, change your eBay password. And as hackers know that people often use the same password for lots of different websites, change those too.

2. Use strong passwords

Strong passwords are hard to guess, because they use a combination of letters, symbols and numbers.

See how to create strong passwords >

3. Stop using the same password everywhere

Many of us use the same passwords for lots of different sites, even when we know it's a bad idea. So stop.

Using different passwords helps you contain problems, because hackers can't run wild through your online accounts.

Having said that, keeping track of multiple passwords is a pain, so you might also want to...

4. Start using a password app

These tools generate unique, strong passwords for each website. They then remember these passwords and insert them when you need them.

The obvious issue with using a password app is it means saving or storing your passwords somewhere. However, with high-profile security breaches regularly hitting the news, nowadays using a password app feels safer than not using one.

We like LastPass and 1Password.

5. Watch out for phishing emails

Now the eBay breach is public knowledge, other online criminals will try to take advantage with fake emails.

These phishing emails may purport to be from eBay and invite you to click a link to change your password. But if you do so, you'll really be providing those details to another hacker.

You can read our advice on phishing, but the safest thing is to visit, reset your password there and then ignore any future emails.

6. Think about what information you provide

Often, websites ask for a vast amount of information just to get you signed up. Think twice before providing your date of birth, mother's maiden name or other particularly sensitive details. Does the website really need that information?

If the site is subsequently hacked, you could pay the price.

7. Make things up

One way to avoid handing over sensitive data is to make stuff up. After all, why should a clothing retailer know your real date of birth?

If you enter fake information, hackers won't be able to use it to break into your bank accounts or steal your identity.

(If you do decide to enter fictitious details when registering for websites, you may need to remember them to pass that site's security checks in future. Entering false information may also be against a website's rules.)

Are they doing enough?

Following the advice here will help keep you from being affected by the eBay security breach. It'll also give you better control over your personal data in future.

However, is it time we started asking harder questions of the firms to which we entrust these details? Given the regularity with which security breaches occur, should these businesses be investing more time and money to protect us?

Previous IT for Donuts security tips

Image copyright: Katherine Welles

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.