INTRODUCTION: The following analysis covers the attack on eBay that took place in May 2014. The hackers stole eBay staff credentials and used them to access the database, which gave them customer names, passwords (in encrypted form), email addresses, physical addresses, phone numbers and dates of birth. One advantage is that the encrypted passwords were stored in hashed format. eBay officials said they did not want to reveal their algorithm, as it would then be public. Although the passwords were encrypted, the personal information stored in the eBay database was not. The attackers therefore had complete personal information that could affect 145 million people. Attackers can sell this personal information, and it can be misused. This attack is one of the biggest data breaches in the 16th century.

DESCRIPTION OF THE ATTACK: The attack on eBay happened in May 2014, when the attackers gained access to the eBay database using the credentials of three employees, and it was not known until two weeks later. They held the employee credentials for 229 days, and during this period they made their way into the database. eBay stated that its financial information is stored separately. eBay also owns PayPal, and it stated that PayPal's information is likewise stored separately and that there is no threat to it. The cause of this attack may have been phishing. A fake e-mail, which must have looked similar to the original, was sent asking the recipient to log in and reset a password, and convinced them to change the password, which may have resulted in the attack. Phishing is a social engineering attack in which the attacker poses as a trusted entity in an email or message to steal information. The user is then tricked into opening a malicious link, which installs software as soon as the user clicks it. Once the attackers had access to the eBay database, they stole the personal information of 145 million users, such as email addresses, physical addresses, phone numbers and dates of birth. The eBay attack is considered one of the biggest cyber breaches.

MITIGATION STEPS: The cyber-attack on eBay was the biggest data breach, one in which the personal information of 145 million customers was at stake. According to the officials, no customer financial information, such as credit card data, is under threat. The biggest issue was the customers' personal data, such as name, phone number and date of birth, even though the passwords were stored in encrypted, hashed form. This information can be misused by the attackers, as they can sell the data to someone else. They can also use this information on other websites and try to trick the customers.

Some of the best ways to avoid phishing attacks are to cut down on opening sites by clicking links, to install an anti-phishing toolbar that checks whether a site is legitimate before opening it, and not to share personal information over the internet. One should also be careful about pop-ups that pose as a legitimate website. Netsparker also suggested that customers add an extra layer of security, two-factor authentication, which can help avoid the attack. However, even that is no guarantee that the attacker cannot access the information.
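The legitimacy check that an anti-phishing toolbar applies to links in a password-reset e-mail can be sketched as follows. This is an added example, not part of the original essay; the allowlist, the verdict strings and every host in the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"ebay.com"}  # assumption: registrable domains the user really uses

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    parts = urlsplit(url)
    labels = (parts.hostname or "").rstrip(".").split(".")
    brands = {d.split(".")[0] for d in TRUSTED}
    # Simplification: registrable domain = last two labels (real tools use the Public Suffix List).
    if ".".join(labels[-2:]) in TRUSTED:
        return "trusted" if parts.scheme == "https" else "suspicious: not https"
    if any(label.startswith("xn--") for label in labels):
        return "suspicious: punycode host"
    if brands & set(labels):
        return "suspicious: brand outside trusted domain"
    if any(edit_distance(labels[-2:][0], b) <= 1 for b in brands):
        return "suspicious: lookalike domain"
    return "unknown"

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def scan_email(html):
    # Return (url, verdict) for every <a href> found in the message body.
    collector = LinkCollector()
    collector.feed(html)
    return [(u, classify(u)) for u in collector.links]

# Constructed sample message; the two ".example" hosts are made up.
SAMPLE = """<p>Reset your password:
<a href="https://signin.ebay.com/reset">real</a>
<a href="https://ebay.com.account-reset.example/login">fake 1</a>
<a href="https://ebbay.example/reset">fake 2</a></p>"""
```

Calling `scan_email(SAMPLE)` marks the first link trusted and flags the other two, one for carrying the brand name as a subdomain label and one for sitting a single character away from it.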