BC Expert: eBay Hacked
Associate Professor of Information Systems
Carroll School of Management
(617) 552-0465 (o)
(678) 772-9418 (c)
Professor Sam Ransbotham’s research interests include information technology security, social media, and the strategic use of IT. Prior to his joining the faculty at Boston College, Ransbotham was founder and principal of a successful software company with a globally diverse client base. Widely published, Ransbotham has co-authored research papers such as: “Choice and Chance: A Conceptual Model of Paths to Information Security Compromise” (Information Systems Research, 2009);“Are Markets for Vulnerabilities Effective (MIS Quarterly, 2012); “Target Age and the Acquisition of Innovation in High Technology Industries” (Management Science, 2010); “Dialog Management at Starbucks” (MIS Quarterly Executive, 2010). Ransbotham was also awarded one of 11 inaugural Google and WPP Marketing Awards to support research into how online media influences consumer behavior, attitudes, and decision making. This year, Ransbotham was awarded a National Science Foundation Career award.
MAY 21, 2014
Millions of EBay’s on-line shoppers are thinking of new passwords today, thanks to a cyberattack that stole information such as customers' names, encrypted passwords, email and physical addresses, phone numbers and dates of birth.
“We should be concerned but I think we have to stop being surprised about this,” says Sam Ransbotham, Assistant Professor of Information Systems at Boston College. “Many many companies are storing lots and lots of information. We are giving that information up in exchange for newer services, whatever we want from the website, so we’ve given the information up. We can’t be too surprised when, given the number of sites that have this information, they get attacked. This will continue to happen.”
EBay says the hackers used stolen employee log-in credentials to access a customer information database between late February and early March. EBay discovered the security breach about two weeks ago and today began alerting customers to change their passwords.
“Whenever anything like this happens, a race starts between the bad guys trying to use this information and the good guys trying to get counter measures in place,” says Ransbotham, whose research centers around information technology security. “EBay has been doing the right thing in getting information out to people who can take counter measures for that.”
While the personal data the company’s 145 million members are at risk, no financial information was accessed. Still, the loss of an unknown number of passwords has the potential to compromise all websites.
“If you’re using the same password at multiple sites, those sites are available for compromise as well,” says Ransbotham, who co-authored the research paper, “Choice and Chance: A Conceptual Model of Paths to Information Security Compromise” (Information Systems Research). “If your banking website lets you recover your password through information about your hometown or your high school mascot, then that information may be victim, too.”
As eBay scrambled to contain the damage and preserve its reputation among customers, experts like Ransbotham say attacks like this are the new normal.
“The potential for this is everywhere. We can’t expect technical panaceas. We can’t expect that security will be perfect everywhere. There’s no reason to believe that other sites will not have similar problems. Anytime that a website is successful, or an e-commerce site is successful, it’s going to have a large amount of data and that large amount of data will provide the incentive necessary for attackers to go after it. So we can’t be surprised when this is happening - we just need to be ready when it does. I think eBay has gone through this disaster planning scenario before and they’re putting the processes in place.”
Media Note: Contact information for additional Boston College faculty sources on a range of subjects is available at: /offices/pubaf/journalist/experts.html
Office of News and Public Affairs
(617) 552-3630 (office)
(617) 943-4323 (cell)