Just How Bad Was eBay’s Cyber-Attack?

May 21 (Bloomberg) -- eBay asked users to change their passwords after a cyber-attack exposed a database with login information and data such as birthdays and phone numbers. Shape Security Senior Security Researcher Wade Williamson and Social+Capital Managing Partner and Founder Chamath Palihapitiya speak on Bloomberg Television’s “Bloomberg West.” (Source: Bloomberg)

How do you think this attack happened and how bad is it?

Typically, these things will be coming in through an employee.

It is far easier if you are an attacker to find someone who is willing to click on a bad link and click on an attachment.

Once you are inside the network, you can start rooting around and looking for all of the important databases.

Early indications are that that was the model here.

That is a difficult one to defend.

Does this speak to the failure of the ability for the internal checks and balances in eBay to protect their users?

It's a good point.

Something that I think is a good sign is that the databases that held credit card information seem to have been separated from the ones that held other personal information.

Which is a good thing.

Obviously, you don't want to get credit card information or payment information zone.

Other internal controls, that remains to be seen.

I think that the state of breaches we see enough of these now that we know this first kind of breach where the bad guys get inside, that continues to happen.

We definitely need to have better controls about making sure that the bad guys can't get out with the crown jewels once they get in.

And also doing a better job of making sure that they can't use the data that they eventually steal.

It seems like every week we are waking up to a massive hack attack target.

Do you think that eBay should be held to the same standard record company like Target?

The answer is yes.

The question, though, is was the ultimate end of that series of events at Target, was that really the solution to the problem?

You mean the CEO leaving?

I have known John for a while.

He is the most exceptionally, on a roll, amazing person, one of the most amazing people in Silicon Valley.

If he knew something was going to be done, he would've done it.

The question is where were the real checks and balances in place at eBay?

Also, how are they figuring out what technologies they should be using so that they are one or two steps ahead or at least in lockstep with the attackers who have an increasingly massive economic incentive to be trying to hack them and frankly every other company?

Wade, do you view this as a massive failure on eBay's part given that some a companies are a seen this exact same issue?

Or not?

No, I don't think it is a massive failure.

When a breach happens, something wrong happened.

From what we've seen so far, this doesn't look like it was anything negligent on eBay's part.

Of course, we are going to learn more as time passes.

But the really important thing to remember is that the first layer of the breach, where someone -- an employee gets infected, it is really difficult to make sure that no one that works for you ever gets compromised by malware.

That is a really tough job.

What I do think the industry can do a little bit better is not only when we find a breach we let people know quickly, but also we need to be looking at other security technologies beyond just how do we keep that first piece of malware out.

What we do from the people that are already infected with malware, how do we make sure that those guys don't become an entry point into the really important things inside the network?

That is something that I think is both a responsibility for enterprise as well as the security industry to help fill that hole.

Wade Williamson, thank you so much for joining us.

Coming up, more where there

This text has been automatically generated. It may not be 100% accurate.
