If you’re one of eBay’s 112 million customers, later today, you’ll likely receive an email asking you to change your password. That’s because the auction site has been hit with a massive security breach. The breach, which occurred between late February and early March, involved unauthorized users gaining access to a database which contained encrypted user passwords. These passwords could, upon reaching the wider internet, easily be unencrypted, giving unauthorized users access to your eBay account.
If you are a small business owner who conducts business on eBay, changing your password regularly should be part of your standard operating procedure. Ideally, you’ll be altering your password at least quarterly. Make sure you change your password now.
Additionally, as the full magnitude of this breach has yet to be determined, you’ll want to have some policies and procedures in place to confirm that purchases are actually being made by authorized users. This can be as simple as an automated email to confirm all purchases are authorized, sent to the buyer’s email on record. The time spent protecting your interests now can head off any potentially expensive headaches further down the road.
If you’re not conducting any business on eBay, their misfortune can still provide a valuable lesson for you. Customer database security needs to be a top priority for all organizations. What protocols or internal controls do you have in place to make sure your customers’ information is safe? This breach is a good reminder to review the protections you are currently using and make sure they are adequate.
Data security is an issue that is not going to go away.
For further information, you may want to review this article I wrote for Bank of America, “The Six Data Protection Best Practices You Need to Know.”
If you need help making sure your website is secure and your customers’ data is always protected, give us a call. Our team of world class web developers will help you do what you need to do to make sure you can sleep easy at night, knowing you’ve done what you need to do to protect your company’s interests.