We are all mindful of privacy now
Most folks know by now are aware of information and its growing importance. Typically this issue involves either criminal attacks compromising user information, as with Target or Ashley Madison more recently, or expanding government surveillance over electronic activities. Are we perhaps spending so much time worrying over the information that is taken that we forget what information is freely given by some of these companies?
Concern has recently been raised over eBay’s questionable policy to give out user information to any bidder or seller who asks. Imagine the outrage if Target or any other retailer made available your home city, full name, and contact number. Your exact address is not listed and there is a helpful admonishment that “contact information should only be used for resolving matters related to eBay,” but that restriction is no doubt as effective as signs limiting trick-or-treaters to just one piece of candy.
Famous economist fell “victim” to this trap
Case in point: Barry Ritzholtz wrote of being cold-called by a car dealership after bidding on a Maserati Gran Turismo. Despite eBay’s instructions that transactions outside the auction house were verboten it was a common tactic for lead generation. Thankfully identity thieves have a much stricter code of conduct than do used-car dealers.
Because that is a very real possibility with the information eBay gives so freely.
Why this makes eBay users vulnerable
Following a request for contact information anyone would have your email, user (and real) name, phone number and even a way to find your home address. Supposing you use the same username and password for most of your accounts, which most of us likely do, a simple Facebook search of your name -helpfully narrowed down to your locale by eBay- could yield all the clues needed to break into any of your accounts. Even without the password a thief could easily answer stringent security questions like “Your favorite college team?” when they can see you’re from Alabama and have “Roll Tide!” on your Facebook wall.
Where the ultimate responsibility lies
Ultimately information security is our individual responsibility. We should all keep our profiles private and ensure that a breach to one account does not ensure that same information can be used to compromise the rest of our online identity. eBay also doesn’t have to make it easier for its users to be attacked.