A lesson that is often learnt the hard way is: 'Never trust a teenager with anything you value.' They will almost certainly break it (almost always unintentionally). Then, if you don't catch them in the act, they will either:
a) hope you never find out
b) hide the breakage from you until they have figured out a way to fix it
or c) act surprised when you find out from a vigilant neighbour.
This week we found out that 19-year-old eBay was hacked in February/March and encrypted personal and password information stolen – yet it has taken eBay two months to confirm the security breach on its data. At 10pm last night I attempted to change my password on the site. eBay didn't tell me to do this; I was alerted by the vigilant neighbours of social and mainstream news media.
eBay doesn't make the products sold in its marketplace. It doesn't even distribute them. It relies on millions of buyers and sellers, trusting that their transactions, their money and their data are secure. This incident has surely left some customers wondering whether hacking is such a regular occurrence that eBay didn't think it warranted their attention and whether the global online marketplace still deserves their trust.
So what has eBay done wrong exactly? Simply, it hasn't lived up to customer expectations in its response to this incident. The security breach is highly regrettable and reminds us that when we hand data to even the biggest organisations, there is always an element of risk. But with that acceptance of risk comes the assumption that when something goes wrong, the organisation will act quickly to identify the issue, inform us and take speedy remedial action. None of this seems to have happened in this case.
It's not the hacking itself that has made the news. It's eBay's seemingly poor response. The company has not, at the time of writing, proactively contacted all of its buyers and sellers to tell them about the breach, nor has it introduced the compulsory password change it promised for everyone logging on. eBay has published information and guidelines on its website but has left all proactive communication to the media.
Many customers are angry and have voiced their concerns in the media and to US authorities. This incident will no doubt dent eBay's reputation but with around 130 million active users and an unmatched scale in online trading, it remains to be seen if it will have any long term impact. But perhaps next time, it will have the sense to inform customers in a more timely and proactive way. Parents forgive teenagers a few misdemeanours after all.