INTRODUCTION: The following analysis covers the attack on eBay that took place in May 2014. The hackers stole eBay staff credentials and accessed the database, obtaining customer names, passwords (in encrypted form), email addresses, physical addresses, phone numbers and dates of birth.
One advantage is that the encrypted passwords were stored in hash format. eBay officials said they did not want to reveal their algorithm, as it would then be public. Although the passwords were encrypted, the personal information stored in the eBay database was not. So the attackers had the complete personal information, which could affect 145 million people. Attackers can sell this personal information, and it can be misused. This attack is one of the biggest data breaches in the 16th century.
DESCRIPTION OF THE ATTACK: The attack on eBay happened in May 2014, when the attackers gained access to the eBay database by using the credentials of three employees, and it was not known for two weeks. They had the employee credentials for 229 days. During this period, they made their way to the database. eBay said that its financial information is stored separately. eBay also owns PayPal, and stated that its information is stored separately and that there is no threat to that information.
The reason for this attack may have been phishing. A fake e-mail, which must have looked similar to an original, was sent asking the recipient to log in and reset a password, and the recipient was convinced to change the password, which may have resulted in the attack. Phishing is a social engineering attack in which information is stolen by acting as a trusted entity and tricking the user through an email or a message.
The user is then tricked into opening a malicious link, which installs software as soon as the user clicks it. As soon as the attackers had access to the eBay database, they stole the personal information of 145 million users, such as email addresses, physical addresses, phone numbers and dates of birth. This eBay attack is considered one of the biggest cyber breaches.
MITIGATION STEPS: The cyber-attack on eBay was the biggest data breach, in which the personal information of 145 million customers was at stake. According to the officials, no financial information of the customers, such as credit card data, is under threat. But the biggest issue was the customers' personal data, such as name, phone number and date of birth, though the password was stored in encrypted, hashed form. This information can be misused by the attackers, as they can sell the data to someone. They can also use this information on other websites and try to trick users. Some of the best ways to avoid phishing attacks are to avoid opening sites by clicking a link, to install an anti-phishing toolbar that checks whether a site is legitimate before opening it, and not to share personal information over the internet.
Also, one should be careful about pop-ups that pose as a legitimate website. Netsparker also suggested that customers add an extra layer of security, two-factor authentication, which has the possibility to avoid the attack. But there is no guarantee that the attacker cannot still access that information.
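
The kind of check an anti-phishing toolbar makes on a link in a "reset your password" e-mail can be sketched as follows. This is an added example, not code from eBay or any real toolbar; the allowlist, the function name `inspect_link` and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: domains the user really does business with.
TRUSTED = ("ebay.com", "paypal.com")
# Digits commonly swapped in for letters in lookalike names (0->o, 1->l, 3->e, ...).
HOMOGLYPHS = str.maketrans("013457", "oleast")


def inspect_link(url, trusted=TRUSTED):
    """Return (verdict, reasons) for a link found in an e-mail.

    verdict is "trusted", "suspicious" or "unknown".
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # https://ebay.com@other.example/ really points at other.example
        reasons.append("text before '@' hides the real host")
    if not host:
        return "suspicious", reasons + ["no host"]
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible lookalike characters)")

    # Trusted only if the host IS the domain or a subdomain of it.
    on_allowlist = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_allowlist:
        normalized = host.translate(HOMOGLYPHS)
        for d in trusted:
            brand = d.split(".")[0]
            if brand in normalized:
                reasons.append(f"uses the name '{brand}' but is not under {d}")

    if reasons:
        return "suspicious", reasons
    return ("trusted" if on_allowlist else "unknown"), reasons


if __name__ == "__main__":
    # Constructed sample links, not taken from the real incident.
    for link in ("https://signin.ebay.com/ws/reset",
                 "https://ebay.com.account-reset.example/login",
                 "https://ebay.com@login.example/reset",
                 "https://signin.3bay.example/",
                 "http://signin.ebay.com/"):
        print(link, "->", inspect_link(link))
```

A "trusted" verdict only means the host belongs to an allowlisted domain; it says nothing about whether the account behind it is protected, which is where two-factor authentication comes in.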