“If you had a friend who was a tightrope walker and he tripped and fell on the sidewalk, that would be completely unacceptable.” – Mitch Hedberg
Two months ago, eBay got hacked.
Two weeks ago, eBay – the owner of PayPal – discovered that it had been hacked and that the passwords, physical addresses, dates of birth and other personal details of its 145 million users had been stolen by the hackers.
Yesterday, eBay informed its users of this fact through an article published on TechCrunch, advising them to change their passwords.
“It’s a good thing that the passwords were encrypted,” said one commenter.
“Yes, but what type of encryption are they using?” retorted another.
“Does anyone know why the dates of birth, addresses and other ‘non-financial’ details were left unencrypted? The hackers could use these to steal the identities of the eBay users,” piped up another comment.
“And why has eBay still not sent out an email telling its users that it got hacked…why did I have to hear about it first from the BBC?”
Back and forth the debate is raging online, with frustration mounting at how – at the time of writing – eBay has still not informed its users directly that it had failed to protect their sensitive information.
And with it only being a few weeks since the Heartbleed encryption flaw that compromised many popular services, including Facebook and Gmail, it’s easy to see the main issue as being about passwords being compromised again.
But there’s another issue that’s even more important than that. And it’s called ‘The Tightrope Walker’s Dilemma’.
The Tightrope Walker’s Dilemma
Since the court jesters of the 16th century, comedy has been a vehicle for exposing and exploring the flaws of institutions in society.
And a decade ago, the stand-up comedian Mitch Hedberg carried on this tradition by summing up the critical issue of the eBay hacking in one single sentence:
“If you had a friend who was a tightrope walker and he tripped and fell on the sidewalk, that would be completely unacceptable.”
In other words, a professional tightrope walker is entitled to the full range of human foibles, follies and shortcomings that everyone has…just as long as ‘tripping over one’s feet and falling whilst walking along a pavement’ isn’t one of them.
The moment that happens, his lofty status as a ‘professional tightrope walker’ is immediately called into question.
The same charge would be levelled at an accountant who was bad at sums, an English teacher who couldn’t spell or a brain surgeon who couldn’t hold a fork steadily.
And it is this charge that has to be levelled at eBay.
What is eBay’s Real Business?
When all is said and done, eBay’s core business isn’t auctioneering, inventory or shipping. Instead, eBay’s real business is protecting the personal and financial details of those who trade on its platform.
In other words, the reason 145m people use eBay is that they trust it to protect their personal details and provide a secure environment in which complete strangers can do business with one another safely.
So what happens when eBay fails at carrying out this core function…when the tightrope walker ‘trips on the pavement’?
Or more importantly, what happens when your business fails to carry out its core function of protecting your customers’ personal details?
Will Your Business Be The Next eBay?
You see, this story isn’t really about eBay.
Instead, it’s about every company that does business online and has possession of the personal and financial details of their customers.
The moment you received your first credit card payment from a customer, you entered the ‘keep my customer’s data secure business’. And the moment you fail to do so, the law will hold you accountable for this ‘secure data transfer’ failure.
This is why we’re fanatics about online security, encryption, and making it as easy as possible for our customers to engage in secure data transfer online.
Make sure you avoid that fate. Learn from the mistakes of eBay, and ensure that your business makes the security of its customers’ information a priority. Because when all is said and done, that’s the only part of your business that customers will care about in the event of a data breach.