Skip to content

Ebay Lax Security – breaching the defences appears too easy

EBay Security Breach – not exactly difficult.

This week, our eBay account was hacked.  According to eBay, this is our fault and the hacker has gained access to our email address, changed our password and changed the email address linked to the eBay account. Perfectly possible you might think, except there has been no hack of our email account, no emails were received from eBay to notify us of anyone attempting to change our email or password but after the email had actually been changed.

ebay
ebay security leaves a lot to be desired.

EBay’s security seriously sucks. There are no security questions or procedures that anyone looking to change their account has to go through. Similarly there are no obvious restrictions in place preventing anyone from logging into an account and changing things, making purchases, even gaining access to PayPal if the account details are the same and causing serious damage both to online reputation and also to your pocket via your bank account.

EBay’s approach to this is reprehensible, they do not care. In fact they do not give two hoots as to who breaks into your account and changes things, as it is your responsibility and not theirs, to keep your details safe. This is the case even if it is quite obvious the security breach has been at their end. After all, how would anybody prove otherwise?

Ebay security standards are reminiscent of those of the mobile phone companies and their operations behaving as if they are in the Wild West. No legislation covers these companies in reality because their operations span so many different countries. No police force is going to be interested that someone has attempted to break in and use our eBay account, even though that person is working from a server based in Stoke and eBay have their IP address.

The amount of crime that must be going on through eBay with eBay’s knowledge or eBay’s implicit consent due to their shocking standards of security, must be absolutely phenomenal. Quite why no one has ever challenged this company or queried their behaviour before is just beyond us. If a security breach occurs, then eBay ought to be responsible for putting things back and ensuring that their security is tight enough in the first place to deal with the sophisticated hacks that are becoming all too commonplace on the internet in the present decade.  We wonder whether eBay is still operating in the 1990s.