INTRODUCTION: not encrypted. So, the attackers had the

INTRODUCTION:  The following analysis is about the attackthat took place in May 2014 on eBay. The hackers stole the eBay staff credentials,and accessed  the database, so they hadthe customer name, password which was in the encrypted form, email address,physical address, phone number and date of birth. One of the advantage is thatthe encrypted passwords were stored in the hash format.

The eBay officials saidthey didn’t wanted to reveal their algorithm as it would be public. Though thepasswords were encrypted but, the personal information stored in the eBaydatabase was not encrypted. So, the attackers had the complete personalinformation which could affect 145 million people. Attackers can sell thispersonal information and can be misused.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

This attack is one of the biggest databreaches in the 16th century. DESCRIPTION OF THE ATTACK: The attack on eBay happened on May 2014 where the attackershad the access to the eBay database by using the credentials of three employeesand it was not known until two weeks. They had the employee credential for 229days. During this period, they made their way to  access the database. eBay confessed that itsfinancial information is stored separately. eBay also own PayPal. So, they statedthat its information is stored separately and there is no threat to thatinformation. Reason forthis attack can be phishing.

A fake e-mail was sent to log in and resetpassword which will be similar to the original and convincing enough to change thepassword which resulted in the attack. Phishing is one of the socialengineering attacks in which information is stolen by acting as a trustedentity and tricks the user into an email or a message. Later user is trickedinto opening a malicious link which installs a software as soon as the userclicks the malicious link. As soon as the attackers had access to the eBaydatabase, they stole 145 million users personal information like email address,physical address, phone number and date of birth.

This eBay attack isconsidered as one of the biggest cyber breaches. MITIGATION STEPS: The cyber-attack on eBay was the biggest data breach in which 145million customers personal information was at stake. According to theofficials, no financial information of the customers such as credit card isunder threat. But the major issue was the personalcustomer’s data such as name, phone number, date of birth through the passwordwas stored in the encrypted hashed form. This information can be misused by theattackers as they can sell the data to someone.

They can use this informationon other websites and try to trick them. Some of the best ways to avoidphishing attacks are to reduce opening sites by clicking the link, installingan anti-phishing toolbar which checks whether the site is legitimate or notbefore opening and does not share personal information over the internet. Also,one should be careful about pop-ups which act as a legitimate website. The netsparker also suggestedcustomers increase an extra layer of security which is the two-factorauthentication which has the possibility to avoid the attack. But, there is noguarantee that the attacker can’t access the information about that..

x

Hi!
I'm Mary!

Would you like to get a custom essay? How about receiving a customized one?

Check it out