Online Platform : Ebay Online Trading Platform
Year : May 2014
Affected Users : 145 million
Incident : System hacking and leakage of personal data
Ebay is well known for its online trading platform, a venue for global willing buyers and sellers to trade via online equipped with payment gateway system.
In May 2014, EBay announced that according to a cyber-attack launched against the said E-Commerce platform, it was estimated that 145 million users’ personal data has been compromised and leaked to 3rd party. The cyber-attack was reportedly initiated by way of internet hacking between late February and early March 2014.
According to EBay, the involved personal data included users’ email addresses, passwords, birth dates and correspondence address. However, EBay insisted that there was no financial information being affected in the cyber-attack.
EBay has advised all users to change their passwords after the event.
So What’s The Issue?
Many do not realise that EBay users’ accounts were actually linked to social media profile such as Facebook account. To be fair it wasn’t EBay, only, but rather majority of forums, websites, E-Commerce platforms allow login service by way of social media account.
Once such E-Commerce online platform users’ accounts were linked to and/or registered by way of social media account, the hackers or whoever that managed to obtain the personal data from EBay are able to perform data profiling.
So What’s Data Profiling?
The connection that linked with for example Facebook account, would expose and reveal the EBay users’ actual name that shown in their respective Facebook profile, and perhaps other data associated.
It essentially means that the hacker would be able to track and trace a virtual EBay user to an actual individual by looking into the data associated or shown in Facebook account.
In the meantime, data profiling is a type of data examination that allows collection and setting of statistics and summary from an existing information source. The collected, compiled and summarised statistics would help to locate, identify and trace a purchasing record, living or spending habit or even detailed profile of one online user.
Let’s take EBay for example. Purchasing data for condom or pregnancy test or even HIV test would benefit or useful to pharmaceutical company or related advertisers.
Another aspect from such data leakage is the investigation of the authority. Imagine that the data or purchasing record on purchasing gun-related accessories would enable one to profile the user as firearm user (could be registered or unregistered user in United States). Such privacy loophole would enable the law enforcers to run a “free” background check especially on unregistered gun users that go dark.
-Please stay tune for the next Recent Top 10 Data Breaches – No. 9-