A website post has offered "eBay user details for sale", following the revelation of a cyber attack aimed at the online marketplace.
Although a spokeswoman for eBay has told Fairfax Media that the offer to sell eBay user details was not a legitimate one, a leading Perth academic says it is – at the very least – a reminder of the need for vigilance.
Director of Edith Cowan University's security research institute, Professor Craig Valli said it was a reminder of how important it was to use different passwords across different accounts and to ensure passwords were strong.
He told Fairfax Media there was no telling whether the offer was a legitimate one without purchasing the item.
A spokeswoman for eBay Australia told Fairfax Media "the published list does not contain authentic eBay accounts".
The post is on the online storage facility pastebin.com and claims to be selling a "full ebay user database dump" with millions of "unique records" for 1.453 Bitcoins.
"The only original offer you will get from me so there is no guarantee you will get the same thing from other sources," the post states.
eBay urged its users to change their passwords when the news of a cyber attack was revealed.
An encrypted database, including information such as customers' names, passwords, email and physical addresses, phone numbers and dates of birth, was involved in the attack.
eBay says tests have shown that financial information was not accessed.
Professor Valli said if people used the same password for different online accounts or used basic passwords, they were vulnerable to cyber attackers accessing accounts and stealing details.
He said passwords should be a minimum of 12 characters and never be simply "dictionary words" with numbers – such as the popular "password1".
Professor Valli said machines used in hacking would quickly go through these types of words in an attempt to hack an account.
He suggested people create an easy-to-remember password based on easily memorised sentences.
"An example would be 'This is my password I use for eBay, my name is Craig Valli'. You could use the first letter of each word and it makes no sense, it’s as simple as that," Professor Valli said.
Professor Valli said once an account was hacked, the password and personal details on that account could be used to access other online accounts.
"From there they could have your date of birth, address and other details that they could use to steal your identity, or try to open bank accounts," he said.
- WA Today