Following the announcement from eBay that it suffered a data breach that has affected 145 million users, Skyhigh Networks, a cloud security firm, has said that 99% of companies have employees who use eBay.
The hackers infiltrated eBay’s systems and managed to gain access to the passwords and personal information of 145 million eBay accounts, including names, email addresses, birthdates, physical addresses and phone numbers.
Skyhigh Networks said that the implications from this attack have significant security cosequences for businesses.
Charlie Howe, Skyhigh Networks EMEA director, said: "A breach of this magnitude will inevitably have an impact on businesses, how could it not? In the case of eBay, because it’s so incredibly popular, it’s the sheer number of companies that may be affected that’s most alarming. Businesses need to take notice of this threat – it’s not just about your personal account."
Furthermore, the cloud security firm’s data suggests that the average Fortune 2000 Company has approximately 15,800 employees using eBay, demonstrating the breadth of the breach.
"Most eBay users do visit the service exclusively for personal reasons, and are unlikely to store sensitive corporate data within the service, which means that the impact of this breach in terms of corporate security will be dismissed by many. It’s a dangerous game to play, however, especially since many people will fail to heed eBay’s warnings and change their passwords.
"Employees often use the same password across several cloud services and research from the University of Cambridge suggests that as many as 31 percent of passwords are re-used. What are the odds that employees up and down the country are using the same password on eBay as they are on their corporate cloud services? I’d say it’s pretty high, a certainty almost."
EBay have issued an advisory to its users recommending a change of password. There are over 14 million active eBay accounts in the UK, with the global user count adding up to nearly 233 million.
Matt Middleton-Leal, UK regional director at CyberArk security firm, said: "Protecting privileged accounts should be top priority for any business, not least because perimeter security is clearly failing. The way in for these malicious attacks is through the inside and, as such, protection needs to start here – at the heart of the organisation.
"Monitoring and controlling these powerful accounts every time they’re used is paramount to mitigating the impact of an inside breach. Businesses must start better protecting their assets and critical to this is securing the privileged accounts which form the primary vehicle for so many successful attacks."
In a statement, eBay said the database was breached between late February and Early March. PayPal said that its service has not been affected and customers’ financial information is safe.