While eBay is still reeling from the massive security breach we recently detailed, it seems as though the company now may have even bigger issues to deal with. eBay is now looking at being investigated for their handling of the personal information of its users and the security principles that the company adheres too.
As CNET first reported, eBay will now have the government to answer to when it comes to questions about how it handles security and that of those who entrust the company their information.
Though the attack happened in late February or early March, eBay failed to recognize anything until early May, and then failed to tell consumers until this week. In a statement by Florida Attorney General Pam Bondi, she had this to say:
The magnitude of the reported eBay data breach could be of historic proportions, and my office is part of a group of other attorneys general in the country investigating the matter. We must do everything in our power to protect consumers’ personal information.
eBay representatives also told Mashable they had no idea how many of the companies 145 million users were affected by having their personal information accessed. Although eBay continues to stress passwords were likely not accessed due to being encrypted, and that financial information was not compromised, the company has failed to understand the magnitude of their failure in the hands of their users.
Of all the personal information that users are required to submit in being accepted onto eBay, the company failed to encrypt any of it, making it extremely easy for hackers to view and access anything they would like. Identity theft stems far beyond the reach of obtaining a credit card number, and with the information available to the hackers, there is nothing to say that it couldn’t be achieved with this type of breach.
EBay continues to urge users to monitor their information and be wary of false of leading emails and phone calls.