Personal privacy issue
As stated on the home page for this blog, sometimes I will be writing about privacy issues, as they are intricately tied to many topics related to information security. In fact, the whole basic idea of information security is to keep electronically-stored things private when they should stay private.
I will also sometimes talk about issues that may not be directly tied to information security at the workplace. This is because personal security and privacy practices related to our non-work lives can have tenets or lessons that can apply directly to our work security and privacy practices. Today is an example.
Currently, there is a lot of news about an intrusion into the network systems holding personal and private information related to eBay customers . Because of this breach, the company is recommending that all customers change their passwords.
In fact, the eBay passwords that may have been compromised are encrypted, which will be difficult for the hackers to break (but not impossible). However, a significant aspect of this data security breach is that the exposed user accounts may have also included unencrypted personal information, such as names, addresses, etc.
This puts many of eBay’s customers at a high risk of increased attempts to social engineer, or trick, them into providing even more private personal information.
The importance of password security and the principles of social engineering are basic information security concepts every technology user should understand, whether you are applying them to your personal life, or to your work responsibilities.
If you are an eBay customer, or a customer of PayPal, which is also owned by eBay, you should at least take the recommended precautionary step of changing those passwords. Making this change does not guarantee that your personal information held by the company is totally secure, but it is a good first step in the wake of this incident.