Auction site and e-commerce giant eBay (Nasdaq: EBAY) was the victim of a cyber attack that has left sensitive user data vulnerable. The company first announced the hack last week and has come under considerable fire since then.
Customers are angry and for good reason.
The eBay cyber attack occurred in February but wasn’t discovered until a couple of weeks ago. Considering that eBay’s sole purpose is to provide a secure and efficient marketplace, it is a bad sign that months passed before eBay learned of a problem.
But it gets worse.
eBay learned of the incident two weeks before it notified the public. While it isn’t clear what eBay knew or when it learned it, customers will likely focus on the fact that eBay waited two weeks to tell them their personal information had been stolen.
For two weeks a hacker or group of hackers had eBay account names as well as customer passwords, email addresses, physical addresses, birthdates and phone numbers while eBay knew but before they were notified.
eBay hasn’t exactly been upfront with its customers and the optics aren’t good.
The company announced the hack on the morning of May 21. I read a couple of articles about the incident that day. Each suggested that I change my password immediately. I was very surprised to see that there was nothing about it on eBay’s website but I changed my password anyway.
Then I checked my e-mail. Still no word from eBay.
Yesterday – a full five days later – I finally got an e-mail from eBay instructing me to change my password.
Considering that the whole point of eBay is to provide a safe place for buyers and sellers to meet online, trust is essential. Why would I shop for items through eBay if I didn’t trust its ability to protect my information?
When eBay was created in 1995, the idea of shopping online was still very new. Sending credit card information and physical addresses over the internet seemed like risky business. Thus, eBay rose to dominance by guaranteeing payments and encrypting user data.
eBay was built on user trust and I believe this event has fundamentally altered the way consumers trust the company.
This is different than the Target (NYSE: TGT) data breach announced late last year. Target’s mission is to get you to come into a store and buy merchandise from them. Nothing about that mission was altered by its hacking incident.
Sure, the breach resulted in stolen account numbers. And yes, it was an inconvenience for Target’s customers to cancel credit cards and change account numbers. But this is a relatively isolated event with a measurable impact.
Even if eBay’s encryption of passwords is never cracked, its users’ birth dates, addresses, email addresses and phone numbers were not encrypted. This could be enough for identity thieves to wreak havoc in the lives of eBay customers.
The theft of customer financial information was a major hiccup for Target, but it is still only a hiccup. I think this could be different for eBay.
eBay’s sole purpose is to provide a secure and transparent marketplace. Not only did eBay fail to accomplish its mission, it failed to disclose it to customers for two weeks.
This incident and eBay’s slow response will erode the trust that customers have in the company. Considering that eBay’s entire business model is built on this trust, I consider the eBay cyber attack to be very bad for business.
And since you may not have heard from eBay yet, take a minute to go change your password.
Triple your dividends with one stock – starting this month!
With so many investors grabbing up shares of blue chips, yield is getting hard to come by. In fact, the average yield of the Dow has sunk to 2.1%. But our group of investors isn’t worried. We’re collecting big monthly dividends… up to $550 every 30 days… from a little-known investment that yields a whopping 12%! If you’d like to tap into this income stream, and earn up to triple the dividends of even the best blue chip, click here for our full report on this opportunity.