Yesterday’s news of a major security breach of online auction house eBay brought plenty of trouble for the company in the form of annoyed customers, all of whom have been forced to change their passwords. But it seems there’s even more trouble afoot for eBay: today, CNET reports that three states – Connecticut, Florida, and Illinois – have joined forces to investigate the breach.
According to the post, the three states intend to find out just what could have caused such a massive breach to take place, and what eBay intends to do to keep another breach from happening going forward. Said Connecticut Attorney General spokesperson Jaclyn Falkowski:
“Our office has been in contact with the company, and our inquiry will focus on the measures the company had in place in regards to the security of personal information prior to the incident, the circumstances that led to the breach, how many u sers were affected, the company’s response to the breach and what measures the company is taking to prevent future incidents.”
It’s a valid batch of questions. From what we’ve seen so far, it seems as though hackers were able to access the sensitive customer data by first gaining access to eBay’s corporate employee log-in credentials. How did that happen? Was it as simple as an employee writing his username and password on a napkin? Or was there actual security that was broken through via cyberattack?
Moreover, eBay says the breach took place in February and March, and was discovered two weeks ago. So why was there a two week gap between discovery and the urgent message to change passwords?
It stands to reason that the two week window allowed eBay to assess the potential damage the breachers may or may not have done with customer information. Being able to monitor activity without the hackers knowing that eBay was on to them could have helped them check and see if anything suspicious had happened. Even still, it’s worrisome to know that there were two weeks’ worth of unsecure business transactions happening on the site, which many people rely on to supplement their income, or even use as their entire income source.
Will more states join in? Possibly. For one thing, the UK’s Information Commissioner Christopher Graham is thinking about an investigation as well. Chances seem good that things are going to get worse for eBay in this department before they get better.