More fraudsters in the news, an Australian man was caught and has plead guilty to stealing eBay accounts
. Mr. Dov Tenenboim was able to hijack at least 90 different eBay accounts, primarily using brute force methods, whether it be guessing the account password outright or breaking into the users email account. Using the stolen accounts, he sold non-existent goods. For this and other crimes, he faces up to 11 years in prison
While it is fully the fault of the thief in this instance, it brings to mind, as the article points out, the glaring inefficiency that is the username/password system. It is relied upon nearly universally on the Internet, but is prone to many fatal flaws. The biggest of which is probably loose complexity enforcement, with simple passwords being allowed for the sake of making it easier to remember. There are many things that eBay could have done to prevent these attacks, many of them quite simple.