INTRODUCTION: The following analysis covers the attack on eBay that took place in May 2014. The attackers stole eBay staff credentials and used them to gain access to the database, which gave them customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. eBay said that the encrypted passwords were stored in hashed form and did not want to reveal anything about its algorithm. Although the passwords were encrypted, the personal information stored in the eBay database was not. The attackers therefore had complete personal information that could affect 145 million people. This attack is one of the biggest data breaches in the 16th century.

 

DESCRIPTION OF THE ATTACK: The attack on eBay happened in May 2014, when the attackers gained access to the eBay database by using the credentials of three employees, and it was not discovered until two weeks later. They had the employee credentials for 229 days. During that time, they made their way to the database. eBay stated that its financial information, which included PayPal information, is stored separately and was not compromised.

Phishing may have been the reason for this attack. A fake e-mail, made to look like the original, may have been sent asking the recipient to log in and reset the password, and convincing them to change the password may have resulted in the attack. Phishing is a social engineering attack in which the attacker poses as a trusted entity in an email or a message to trick the user and steal information. The user is then tricked into opening a malicious link, which installs software as soon as the user clicks it. As soon as the attackers had access to the eBay database, they stole the personal information of 145 million users, such as email addresses, physical addresses, phone numbers and dates of birth. This eBay attack is considered one of the biggest cyber breaches.

 

MITIGATION STEPS: The cyber-attack on eBay was the biggest data breach, compromising the personal information of 145 million customers. According to officials, no financial information of the customers, such as credit card information, was compromised. But the biggest issue was the privacy of customers' data such as name, phone number and date of birth, even though the passwords were stored in encrypted, hashed form. This information can be misused by the attackers, as they can sell the data to someone. They can also use this information on other websites to try to trick people.

Some of the best ways to avoid phishing attacks are to limit opening sites by clicking links, to install an anti-phishing toolbar that checks whether a site is legitimate before opening it, and not to share personal information over the internet. Also, one should be careful about pop-ups that pose as a legitimate website. Netsparker also suggested that customers add an extra layer of security, two-factor authentication, which has the possibility to avoid the attack. But there is no guarantee that the attacker can't access that information.