As the Web this week absorbed another reminder of the vulnerability of data -- this time, the theft of some 145 million records from eBay -- experts say that online consumers may have to accept that their personal information isn’t safe from hackers.
“For the time being, it is the new normal,” Maxim Weinstein, a security adviser for the British and American firm Sophos, told International Business Times. “Consumers need to put protections in place for themselves to take into account the fact that some of their data could be breached.”
Every week seems to deliver evidence of flawed security defenses, and advocacy groups like Consumer Action say consumer fatigue is beginning to hurt e-commerce. Target Corp. (NYSE: TGT), for example, reported a massive earnings hit Wednesday after a December breach exposed tens of millions of credit cards.
In addition to changing passwords, users are reminded after each attack -- the Adobe Systems Incorporated (NASDAQ:ADBE) breach in October, the Target hack, the massive Heartbleed bug found in April and again this week with eBay -- that they need to use a different username and password combination for each website, utilize two-step identity verification when available, and be cautious about what sort of data they store on each website.
Consumer Action said it should be up to the companies, rather than the consumers, to protect user data.
“It seems like there’s no complete guarantee that hackers aren’t going to reach into these various websites,” Linda Sherry, a spokesperson for Consumer Action, said. Not all e-commerce customers are Web-wise enough to take the necessary precautions. “I’m thinking of my own mother and other people I know that aren’t totally savvy with the Internet.”
Even with the media coverage and fallout after these major breaches, it's not clear which companies are taking security seriously and which companies are not. In the case of Target, for example, hackers exploited outdated digital cash registers.
“I’m not sure that a lot of organizations are doing the best job of really doing the [cybersecurity] basics right,” Weinstein said.
Another problem is that as security protocols get more sophisticated, so do the attackers. EBay used two-step identity verification and encryption.
“They were doing some of the right things to eventually detect [the hack] and use forensics to figure out what and what hadn’t been breached,” Weinstein said. “The fact that they were able to do that within two weeks is actually pretty impressive.”
Still, more than 100 million eBay records were compromised. Until new defense mechanisms are created -- or hackers decide that something else is better worth their efforts -- consumers have to expect that their accounts will likely be compromised eventually.