Computer Security - Case Study

A Cyber Security Case Study: eBay Data Breach 2014
DAMAINE FRANKLIN 1
UEL-CN-7016 Computer Security
Assessment 1
A Cyber Security Case Study
eBay Data Breach February 2014
Damaine Fabion Franklin
Student #: R2104D12054733
08/26/2023

DAMAINE FRANKLIN 2
Table of Contents
Abstract ........................................................................................................................................................................3
Introduction .................................................................................................................................................................3
Literature Review........................................................................................................................................................4
The Fundamental Aspects of Computer Security.................................................................................................4
Defining Computer Security?.............................................................................................................................5
The Principles of The CIA Triad & AAA..........................................................................................................5
Principles of Access Controls..............................................................................................................................8
Principles of Data Protection............................................................................................................................10
An Overview of the eBay Data Breach ................................................................................................................11
Discussion and Analysis ............................................................................................................................................12
The Incident ...........................................................................................................................................................12
Threat Actors & Motives ......................................................................................................................................12
Attack Vector.........................................................................................................................................................13
Exploited Vulnerabilities.......................................................................................................................................14
Recommendations......................................................................................................................................................17
Authentication and Access Control......................................................................................................................17
Adequate Encryption.............................................................................................................................................17
Network Defense....................................................................................................................................................18
Security Awareness Training................................................................................................................................19
Conclusions ................................................................................................................................................................19
References ..................................................................................................................................................................21

DAMAINE FRANKLIN 3
Abstract
This cyber security case study seeks to provide a comprehensive analysis of the data
breach incident that occurred on the e-commerce trading platform eBay in February 2014. The
data breach compromised the personal and identifiable information of 145 million eBay
customers, including their usernames, encrypted passwords, dates of birth, names, addresses, and
phone numbers. The cyber incident led to a widespread investigation which revealed that a
hacktivist group calling themselves “Syrian Electronic” claimed responsibility for the attack,
however, eBay did not confirm it. eBay’s reputation was significantly damaged because of this
attack and the company suffered major financial losses due to reduced levels of e-commerce
traffic caused by the security breach. Consequently, the subsequent headings will uncover
additional details concerning this cyber incident.
Introduction
According to a report published by the Ponemon Institute in 2015, the events of the year
2014 witnessed a notable occurrence of significant cybersecurity breaches and attacks against
major companies in the United States. The magnitude of the attacks varies among companies
such as Target, Sony Pictures, JPMorgan Chase & Co, Home Depot, Staples, Nieman Marcus,
Michaels Stores, eBay, and CHS Community Health Systems (Ponemon Institute, 2015). In the
context of this case study, the cyber incident under investigation is the data breach that occurred
at the e-commerce trading platform eBay in 2014. According to Roberts (2018), In March 2014,
145 million eBay user accounts were compromised due to a spear-phishing campaign.
Subsequently, eBay announced that the breach exposed its customers' personal and identifiable
information such as their names, email addresses, physical addresses, phone numbers, and date

DAMAINE FRANKLIN 4
of birth. The impact of this data breach caused much concern regarding identity theft, and as a
result, the company received widespread criticism over its handling of the incident, especially
when it was disclosed that customers' personal and identifiable information was not secured with
encryption (Roberts, 2018). In another report, IvyPanda (2020), stated that due to the severity of
the cyber incident, eBay advised all its customers to urgently change their user credentials in
order to prevent being hacked. Even though the financial data of eBay’s customers was not
compromised, Roberts (2018) argued that eBay should have applied the same level of security to
customers' data as it did to their financial data. The damage to eBay’s reputation was significant
and it cost the company approximately $300 Million. According to both Roberts (2018) and
IvyPanda (2020), the evidence seems to suggest that the attackers were primarily interested in
the theft of customer’s personal information and not their financial data.
Literature Review
The Fundamental Aspects of Computer Security
As business becomes increasingly reliant on the use of computer systems to enhance the
management and automation of their business operations, the more computer security becomes
vital to their business needs. As a result, businesses that lack adequate security controls to defend
against security risks and cyber threats are vulnerable to attacks. Considering this fact, the
remainder of this section will further elaborate on the fundamental aspects of computer security,
beginning with a concise definition of computer security, followed by a discussion on the
principles of the CIA Triad. Then a brief discussion on the AAA security framework and the role
it plays in network management. It then explores data protection mechanisms such as
cryptography and hashing algorithms. Followed by the principles of access control and

DAMAINE FRANKLIN 5
subsequently, it describes the realms of cybersecurity and how it can be useful in determining an
effective incident response.
Defining Computer Security?
The concept known as computer security has been studied extensively and based on the
reviews of several publications there does not appear to be a singular accepted definition of the
term. However, in a 1984 publication, author R. C. Summer defined computer security as the
concepts, techniques, and measures that are used to protect computing systems and the
information they maintain against intentional or unintentional threats. In a more recent study,
Sutton (2017) presents a comprehensive definition of the term by stating that computer security
concerns the series of tools, methodologies, practices, standards, and policies that can be adopted
to prevent or mitigate cyber threats and cybercrime such as identity theft, intellectual property
theft, fraud, extortion, espionage, terrorism, and other internal and external factors that are
security threats. With this understanding, the broadest sense of the term may be defined as the
prevention and detection of unauthorized actions by users of a computer system (Shipsey, 2009).
The Principles of The CIA Triad & AAA
According to Bishop (2018), the principles of the CIA triad (Confidentiality, Integrity,
and Availability) serve as the foundation of computer security and form the basis for the
development of security systems. The author noted that the interpretation of each element of the
CIA triad is contingent on a variety of factors, such as an organization's requirements, its
environment, its customers, and the laws that govern the organization. Each element will be
discussed and how they relate to computer security.

DAMAINE FRANKLIN 6
A. Confidentiality
According to information obtained from Fortinet (2023), confidentiality in computer
security refers to the mechanism used to safeguard sensitive data from unauthorized access,
copying, sharing, and dissemination. Confidentiality of sensitive data on a computer system may
be compromised by attack vectors such as man-in-the-middle attack whereby an attacker
intercept and captures unencrypted data between a client and a server. A mechanism that
supports confidentiality is access control which designates who is permitted or denied access to
certain data, applications, or resources (Fortinet, 2023). Another mechanism which supports
confidentiality is cryptography which converts plaintext data into unreadable cyphertext. The
other is authentication and authorization which explicitly verifies the identity of users and
ensures that these users are granted the appropriate level of access (Fortinet, 2023).
B. Integrity
Integrity in computer security refers to the mechanisms put in place to ensure that while
data is at rest or in transit it is trustworthy and not tampered with (Fortinet, 2023). Data integrity
is an important principle in computer security since it ensures the authenticity, accuracy, and
reliability of the data. According to Fortinet (2023), data integrity may be compromised
intentionally by insiders, unintentionally by someone making an honest mistake or by the
consequences of inadequate computer security policies, protections. The mechanism used to
ensure data integrity are nonrepudiation methods, hashing algorithms, cryptography, and digital
signatures (Fortinet, 2023).

DAMAINE FRANKLIN 7
C. Availability
According to Fortinet (2023), Availability in computer security refers to the mechanisms
put in place to ensure that access to data and information systems is consistent and readily
available to individuals with authorized access. This implies that all systems, networks, and
applications must be functional and readily available at expected and at the appropriate times.
Furthermore, data availability is an important element in computer security since it ensures
business continuity and network redundancy within an organization. Without data availability,
the confidentiality and integrity of data is meaningless (Fortinet, 2023). The most common
threats to data availability are natural disasters, power outage, inadequate disaster recovery
systems, and through intentional acts such as a denial-of-service attack (Fortinet, 2023). Data
availability may be ensured through the implementation of multiple paths for network traffic to
flow, uninterruptible power supplies, and a disaster recovery plan (Fortinet, 2023).
D. Authentication Authorization & Accounting
In the preceding discussion, it was noted that the principles of the CIA triad serve as the
foundation of computer security. Similarly, according to Rensing et al. (2002), the principles of
the AAA security framework work together to fulfill the objectives of computer security.
According to Rensing et al. (2002), the initial letter in a sequential order denotes Authentication,
which pertains to the process of verifying the identity of a user accessing a computer system.
With Authentication users of a computer system must prove who they say they are by providing
either of the authentication factors (something you know, something you have or something you
are). The second letter denotes Authorization, which according to Rensing et al. (2002), refers to
granting the appropriate levels of access to users of a computer system in accordance with their

DAMAINE FRANKLIN 8
credentials. The authors noted that, Authorization is directly linked to the principles of least
privilege, which states that users, devices, databases, and applications should be granted just
enough permission to perform their designated tasks or functions (Rensing, et al., 2002). The
letter "A" in the acronym signifies Accounting, which, as stated by Rensing et al. (2002), is a
crucial component in computer security because its primary function involves monitoring and
recording user activities while accessing a computer system. Accounting can prove to be highly
beneficial when accessing systems logs for cyber incidents and valuable in forensic investigation
(Rensing, et al., 2002).
Principles of Access Controls
According to Vimercati, et al. (2002), the proliferation of information technology and the
widespread use of computer systems for collecting, retrieving, and sharing data has increased the
need for enforcing information security measures. Such measures ensure the protection of data
against unauthorized access, and modification, as well as the guarantee of its availability to
legitimate users. In the context of an organizational setting, it is imperative that all employees are
granted access to systems resources. However, it is equally important to acknowledge that not all
employees will be granted equal levels of access to those resources. In a book titled
“Fundamentals of Computer Security,” the authors explained that the objects within a computer
system have a well-defined collection of access operations that specify how a subject can
manipulate an object. Such operations entail functions such as read, write, execute, view,
modify, or full control among others (Pieprzyk, et al., 2003). The authors noted that, within a
computer system, a subject or user is usually granted specific access operations to perform
designated tasks. This is what Pieprzyk, et al. (2003) describes as access privilege, permission, or

DAMAINE FRANKLIN 9
access control. The primary purpose of access control according to Vimercati, et al. (2002) and
Mudarri (2015), is to control access to a system and its resources by limiting the operations of a
subject to ensure that only authorized access can occur. In an access control illustration taken
from Pieprzyk, et al. (2003), the authors stated whenever a subject wishes to access an object to
perform some specific operation (read, write, execute, etc.), the access control checks whether
the subject has the corresponding access permissions to the object. If the subject holds the
appropriate permissions, access is granted, otherwise it denies access to the object. Pieprzyk, et
al. (2003), added that the management of access rights is based on the established regulations or
policies of an organization. This means that a subject may fall in the access control list of either
Mandatory, Discretionary, or Role-based access control. According to Mudarri (2015), subjects
with mandatory access control are granted security clearance to objects with hierarchical levels
of security sensitivity, which is either secret, top secret, unclassified, or confidential. In other
words, a subject will only be required to access certain objects if he or she possesses the
necessary security clearance. Discretionary access control, on the other hand, grants the subject
complete control over an object and allows it to designate access permissions at its own
discretion (Mudarri, 2015). In addition, role-based access control grant access to specific
resources based on the subject's assigned role. This means that the subject is assigned to a role
and the object is assigned to a group. Therefore, the subjects are granted access based on the
assigned role, however, the access rights are based on the group where the object resides. Of the
three categories of access control, role-based access control is the most common and most secure
employed by organizations.

DAMAINE FRANKLIN 10
Principles of Data Protection
Another fundamental aspect of computer security is the principles of cryptography, which
aims to facilitates and guarantee data confidentiality, integrity, authentication, and non-
repudiation (Vacca, 2009, p. 30). According to Liu (2009), the fundamental principle of
cryptography is predicated on the concept of encryption and decryption. The author explained
that encryption occurs when readable plaintext data is converted into unreadable ciphertext using
an algorithm called a cipher. In addition, the purpose of encryption is to ensure that information
is hidden from anyone for whom it is not intended. In contrast to encryption, decryption occurs
when the ciphertext is converted back to its original plaintext.
According to Kessler (2006), there are three categories of cryptographic schemes used to
achieve its objectives, namely: asymmetric cryptography (public key), symmetric cryptography
(private key) and hashing functions. The author explained that with Symmetric encryption both
the sender and receiver of a message share a single private key, which is used to encrypt and
decrypt the message. The strength of the encryption is dependent on the cipher used, which can
be AES, RSA, Triple DES, or Blowfish. Furthermore, Kessler (2006) explained that asymmetric
encryption employes the use of two keys, a private key for encrypting plaintext data and a public
key for decrypting cyphertext data. Accordingly, Kessler (2006) noted that hashing functions
uses no public or private key since the plaintext data is not recoverable from the ciphertext.
Instead, a hashing function is used to convert the plaintext of any length into a hashing value of a
fixed length known as a message digest. According to the author, the hash function guarantees
that if the information is altered in any way, a completely different output value will be
generated. The resulting output value cannot be reversed to determine the original data.

DAMAINE FRANKLIN 11
An Overview of the eBay Data Breach
According to Balushi (2015), not enough scholarly and peer reviewed research has been
conducted on the data breach that eBay encountered. Consequently, this study relied on news
articles, reports, and website articles from reputable outlets. According to CNBC (2014), eBay
had announced that hackers intruded their network, accessed, and compromised the user
accounts of 145 million of its customers. The report found that the hackers only compromised
customers’ personal and identifiable information but not their financial data which was encrypted
and stored differently. CNBC News further added that the success of the attack was found to be
the compromised credentials of a small number of eBays employees. After they gained access,
Kelly (2014) noted that the hackers further gained access to the entire database of eBays
platform. As a result of the severity of the incident eBay advised its customers that they should
change their credentials to avoid being hacked. Following the discovery of the incident, three
American states Connecticut, Illinois and Florida has launched a federal investigation into the
matter (CNBC, 2014). Based on the number of accounts compromised, CNBC reported that the
incident has gained reputation as one of the biggest breaches in history.

DAMAINE FRANKLIN 12
Discussion and Analysis
The Incident
According to Balushi (2015), between late February and early March, eBay experienced a
data breach that compromises the personal and identifiable information of 145 million of its
customers. Due to the severity of the attack, eBay notified its customers via email on May 21,
2014, that they should immediately change their passwords informing them of the potential
compromised (Balushi, 2015). During that, it was reported that a major flaw was discovered
with eBays poor response to its customers is that. The report found that eBay at the time of
discovery had no warning notice set on its website and its customers were notified just two
weeks after they became aware of the incident (The Available Digest, 2014).
Threat Actors & Motives
According to IvyPanda (2020), there were several speculations regarding the motives of
the people who hacked eBay and what they wanted to achieve. Based on the method of the attack
and what was compromised it had been suggested that the attackers could have only wanted to
undermine the authority of eBay and damage their reputation. An assertion surrounding this
argument lies in the fact that eBay has always been one of the world’s foremost and largest
online marketplaces, which enable user to buy, sell, trade and conduct transactions online (eBay,
2014). Another suggestion is that this attack could be an attempt just to show eBay that their
systems are vulnerable, unsafe, and easily damaged. Regardless of the motive of the
cybercriminals, an interesting fact that came out of this attack is that the attackers had sufficient
time at their disposal to avoid getting caught. As a result of this attack, millions of eBay’s

DAMAINE FRANKLIN 13
customers lost their personal and identifiable information, making it one of the most famous
cyber-attacks in 2014 (IvyPanda, 2020). After the attack, eBay’s hired a forensic investigation
firm to help investigate the incident. A hacktivist group calling themselves “Syrian Electronics
Army” claimed responsibility for the attack how it has not been confirmed by eBay (Paganini,
2014).
Attack Vector
According to Singh (2020), the credentials of three eBay employees were compromised,
allowing the hackers to access eBay's internal network and exfiltrate unencrypted customer
personal and identifying data. It had been presumed by several authors that the attack method
used to obtain the login credentials had been by a spear phishing attack. This assertion is
supported by Sigh (2020) who believes that phishing attacks is one of the most common ways
the passwords of eBays employees could have been stolen, given that people typically use the
same password across platforms. In addition, eBay warned its customers to anticipate an increase
in fraudulent phishing emails in the aftermath of the attack (The Available Digest, 2014).
Furthermore, Al Pascual a recognized security analyst on cybercrime stated that the employees’
credentials were likely compromised by a spear phishing attack (Roman, 2014). Based on the
evidence, phishing remains the identified threat vector that led to the data breach at eBay. After
compromising the stolen credentials, the attackers used them to infiltrate eBay's internal
network. Once inside the network, they remained undetected for more than two months
according to Roman (2014). The fact that the attack against eBay was carried out using
legitimate employee credentials made it that much more difficult to detect (Singh, 2020).

DAMAINE FRANKLIN 14
Exploited Vulnerabilities
Although eBay stated that the data breach was caused by the compromised passwords of
three of its employees, several other vulnerabilities were discovered by third parties after the
breach was made public. According to Paganini (2014), the vulnerabilities identified were: cross-
site scripting (XSS), uploaded shell on eBay server, and Account Hijacking.
According to Paganini (2014), eBay had been notified on multiple occasions of the
presence of a potentially dangerous cross-site scripting vulnerability on its auction webpage.
Despite multiple attempts to notify eBay, Paganini (2014) discovered that the company did not
take any action to patch the vulnerability throughout that period. The author stated that this
vulnerability would allow an attacker to carry out an XSS attack, wherein they can inject
malicious HTML or JavaScript codes into a legitimate webpage. This code according to author
would contain a payload which when visited would redirect eBays customers to a phishing login
page to steal their user’s credentials. According to Vaas (2016), the identification of a XSS
attack on eBay’s auction webpage by its consumers would have posed a challenge, as it would
have required a thorough examination of the URL and a certain level of technical expertise to
understand the appearance of html or JavaScript elements. The second vulnerability discussed by
Paganini (2014), involved the use of a backdoor shell which was discovered on eBays website.
The author noted that this vulnerability could allow an attacker to upload a backdoor shell on
eBay’s web server with the aim to control it. The third vulnerability found was account hijacking
which was discovered after eBay made their public disclosure of the incident (Paganini, 2014).
The author noted that this attack exploited eBays forget password feature, allowing the attackers
to hijack millions of user accounts. According to Khandelwal (2014), this vulnerability was

DAMAINE FRANKLIN 15
reported to eBay after the data breach had occurred in May 2014. The author explained that the
attacker would first submit a forgotten password request to eBay by entering the victim’s email
or username. eBay then responds via email with a password reset page which is visible to both
the attacker and the victim. After the victim provides his or her email and presses submit, eBay
then responds with another email with a password reset link associated with the victim’s email
which is only visible to the victim and not the attacker. Upon clicking the password reset link,
the victim is redirected to an eBay webpage that offers the option to set a new password. The
user is required to enter this new password twice and afterwards submit it in order to successfully
reset their eBay account password. According to Khandelwal (2014), the attacker intercepts the
change password request sent by the victim, then forwards a malicious change your password
link to the intended victim disguising it as a legitimate response from eBay. When the user clicks
on that link and changes his or her password it is visible to the attacker.
Figure 1: eBay's Account Hijacking vulnerability (Khandelwal, 2014)

DAMAINE FRANKLIN 16
There was also a fourth vulnerability which Paganini (2014) also discussed. The author noted
that eBay allows its customers to reuse the same login cookies even if they are logged out or
have reset their password. This poses a security risk as the attackers could harvest those cookies
and exfiltrate their login credentials.
In a separate article, Singh (2020) discussed additional vulnerabilities that may have
contributed to the success of the eBay data breach. The author noted that prior to the attack, eBay
lacked basic security features such as two factor authentication. Singh (2020) argued that if eBay
had implemented 2FA then the data breach would not have been possible as the attackers easily
gained access to eBay’s internal network and co promised sensitive information. Furthermore,
according to Singh (2020), the lack of awareness training presents a vulnerability that can be
exploited by attackers. The author stated that eBays reputational damage, trust and millions of
dollars could have been averted if its employees were trained on how to identify basic cyber
threat tactics. Singh (2020) highlights a further significant vulnerability, wherein despite the fact
that eBay had a functioning firewall, it proved insufficient in detecting the data breach in a
timely manner. The author argued that eBay had been unable to detect the network intrusion for
more than two months, during which time the attackers had already made significant progress in
its network. Such a flawed detection system provided the attackers with sufficient time they
needed to gain access to eBay’s system and exfiltrate all the data they wanted. In the aftermath of
this attack, Singh (2020) noted that customers' trust in eBay had diminished, primarily because
eBay lacked the necessary controls to safeguard their personal and identifiable information,
which was likely to result in identity theft.

DAMAINE FRANKLIN 17
Recommendations
One of the primary failures observed in the eBay data breach incident pertains to the
organization's inability to detect the intrusion in a timely manner. Additionally, there was a
deficiency in the implementation of adequate protective measures to safeguard customer
sensitive information, and a failure to fulfill the responsibility of notifying affected customers
about the incident, thereby impeding their ability to take necessary steps to secure their sensitive
data. As a result, this section’s aim is to recommend several preventative measures based on the
vulnerabilities identified in the eBays data breach incident.
A. Authentication and Access Control
According to Singh (2020), eBay lacked adequate authentication protocols such as two
factor authentication at the time of the attack. The author argued that if eBay had implemented
two-factor authentication, it would have made it more difficult for the attackers to gain access to
its internal network because two factor authentication adds an additional layer of security to the
login process. The second factor may include something you such as an extra password or pin,
something you possess such as an RSA token, or something you inherit such human biometrics.
B. Adequate Encryption
The incident analysis revealed that the primary reason the attackers were unable to
compromise and exfiltrate sensitive financial data was because it was encrypted and stored on a
distinct server. This proves that adequate encryption proves to be effective in ensuring data
confidentiality and preventing unauthorized access. From this incident, it was discovered that

DAMAINE FRANKLIN 18
eBay did not secure its customers sensitive data with encryption. If eBay had done were
protected with robust encryption, it would be difficult for an attacker to obtain access and
compromise 145 million customers sensitive information. Data encryption involves the
utilization of both a public and private key to ensure the security of the information. Without
possessing the appropriate key, decryption of the data becomes unattainable, hence maintaining
data confidentiality and preventing unauthorized access. Even though some attackers will
attempt to access confidential messages without the correct key, it will take so long to locate the
correct key that it becomes practically impossible.
C. Network Defense
According to Singh (2020), even though eBay had a functioning firewall to defend its
network, it proved insufficient in detecting the data breach in a timely manner. The author
argued that eBay had been unable to detect the network intrusion for more than two months,
during which time the attackers had already made significant progress in its network. Such a
flawed detection system provided the attackers with sufficient time they needed to gain access to
eBay’s system and exfiltrate all the data they wanted. While the implementation of firewalls,
when appropriately configured, enhances network security, eBay's network could have been
further fortified by incorporating other measures such as an intrusion detection system, an
intrusion prevention system, or a honeypot to mitigate unauthorized access. The implementation
of additional network defense measures would enhance eBay’s ability to detect a network
intrusion in a timelier manner, given that the attackers were present on eBay’s network for more
than two months. These additional controls would also assist eBay in responding to cyber threats
proactively and prioritize resources accordingly.

DAMAINE FRANKLIN 19
D. Security Awareness Training
Implementing comprehensive security awareness training is an effective strategy for
protecting an organization's data, applications, and network against risks and malicious cyber
threats. According to Singh (2020), the lack of awareness training presents a vulnerability that
can be exploited by attackers. The author stated that eBays reputational damage, trust and
millions of dollars could have been averted if its employees were trained on how to identify basic
cyber threat tactics. By far the most important lesson learned from the eBay data breach is the
need to establish a security culture that involves all employees. Security awareness training are
an effective way of teaching employees about the tactics used in phishing and social engineering
scams.
Conclusions
In conclusion, the data compromise that occurred at eBay between late February and
early March, 2014 resulted in severe damaged the company's reputation, and according to
multiple sources, it was among the most severe attacks in the history of the Internet (IvyPanda,
2020). The existing security controls implemented by eBay were not sufficient enough to prevent
the intrusion as the attackers were able to easily access its internal network and remain
undetected for more than two months. If eBay had more resilient and proactive security controls
in place to detect and respond to the incident sooner, the incident could have been avoided.
Although, the financial information of eBays customer were not compromised, the reputational
damage is so significant that its customers have lost trust in the company to secure their sensitive
data. Based on the findings of Roberts (2014), eBay incurred an approximate financial loss of
$300 million as a result of the data breach. To mitigate the risk of future attack, it is imperative

DAMAINE FRANKLIN 20
that eBay implements robust security controls for preventing unauthorized access to it internal
network and sensitive customer data.

DAMAINE FRANKLIN 21
References
Balushi, B. M. A., 2015. An Analysis of eBay's Communication Resposnse to the Hacking Crisis
and the Impact on Users Trust and Behavioural Intentions. International Journal of Arts &
Sciences,, 8(7), pp. 161-199.
Bishop, M., 2018. Computer Security Art and Science, 2nd Edition. In: Chapter 1: An Overview
of Computer Security. s.l.:Addison-Wesley Professional, pp. 257-258.
CNBC, 2014. Hackers raid eBay in historic breach, access 145M records, s.l.: CNBC News.
eBay, 2014. eBay Inc. To Ask eBay Users To Change Passwords. [Online]
Available at: https://www.ebayinc.com/stories/news/ebay-inc-ask-ebay-users-change-passwords/
[Accessed 25 August 2023].
Envision IT Solutions, 2022. What is Two-Factor Authentication and its Advantages. [Online]
Available at: https://blog.envisionitsolutions.com/what-is-two-factor-authentication-and-its-
advantages
Fortinet, 2023. CIA Triad. [Online]
Available at: https://www.fortinet.com/resources/cyberglossary/cia-triad
Gilbert, J. O., 2014. eBay Hacked, Urges All Members to Change Passwords Immediately.
[Online]
Available at: https://finance.yahoo.com/news/ebay-hacked-urges-all-members-to-change-
passwords-86405258249.html
IvoryResearch, 2021. Information Systems Strategy Analysis of eBay Company. [Online]
Available at: https://www.ivoryresearch.com/samples/information-systems-strategy-analysis-of-

DAMAINE FRANKLIN 22
ebay-company/
IvyPanda, 2020. Cyber Attack on eBay Company: The Summer of 2014 Report. [Online]
Available at: https://ivypanda.com/essays/cyber-attack-on-ebay-company-the-summer-of-2014/
IvyPanda, 2020. Cyber Attack on eBay Company: The Summer of 2014.. [Online]
Available at: https://ivypanda.com/essays/cyber-attack-on-ebay-company-the-summer-of-2014
Khandelwal, S., 2014. Hacking any eBay Account in Just 1 Minute. [Online]
Available at: https://thehackernews.com/2014/09/hacking-ebay-accounts.html
Liu, D., 2009. Chapter 3 - An Introduction To Cryptography. In: Next Generation SSH2
Implementation. s.l.:Syngress, pp. 41-64.
Montalvo, M., 2022. What Is The Driving Force Of Successful Business Automation?. [Online]
Available at: https://www.forbes.com/sites/forbesbusinesscouncil/2022/05/19/what-is-the-
driving-force-of-successful-business-automation/
Mudarri, T., 2015. Security Fundamentals: Access Control Models. International Journal of
Interdisciplinarity in Theory and Practice, pp. 259-262.
Paganini, P., 2014. Ebay and PayPal hacked by Syrian Electronic Army, “For denying Syrian
citizens the ability to purchase online products” said SEA.. [Online]
Available at: https://securityaffairs.co/21838/hacking/ebay-paypal-hacked-syrian-electronic-
army.html

DAMAINE FRANKLIN 23
Paganini, P., 2014. Security experts have discovered three new critical eBay vulnerabilities, the
privacy and data of more than 145 million users is still at risk.. [Online]
Available at: https://securityaffairs.com/25177/hacking/critical-ebay-vulnerabilities.html
Pieprzyk, J., Hardjono, T. & Seberry, J., 2003. Chapter 17: Access Control. In: Fundamentals of
Computer Security . s.l.:Springer-Verlag Berlin Heidelberg, pp. 565-589.
Ponemon Institute, 2015. 2014: A Year of Mega Breaches, Traverse City: Ponemon Institute©
Research Report .
Rensing, C., Karsten, M. & Stiller, B., 2002. AAA: A Survey and aPolicy-Based Architecture
and Framework. IEEE Network, 16(6), pp. 22-27.
Roberts, S., 2018. Learning lessons from data breaches. Network Security , 2018(11), pp. 8-11.
Roman, J., 2014. eBay Breach: 145 Million Users Notified. [Online]
Available at: https://www.bankinfosecurity.com/ebay-a-6858
Shipsey, R., 2009. Computer Security . In: Chapter 1: Security . London: University of London,
p. 1.
Singh, G., 2020. eBay 2014 data breach: With Big Data comes Big Responsibility. [Online]
Available at: https://www.skillsire.com/read-blog/266_ebay-2014-data-breach-with-big-data-
comes-big-responsibility.html
Summers, R. C., 1984. An overview of computer security. IBM Systems Journal, 23(4), pp. 309-
325.
The Available Digest, 2014. eBay’s Slow Response to Data Hack, s.l.: Sombers Associates, Inc.,
and W. H. Highleyman.

DAMAINE FRANKLIN 24
Vacca, J. R., 2009. Chapter 2: Data Encryption. In: Cyber Security and IT Infrastructure
Protection. s.l.:Elsevier Science & Technology, pp. 1-46.
Vimercati, S. D. C., Paraboschi, S. & Samarati, P., 2002. Access Control: Principles and
Solutions. Software Practice and Experience, 2(12), pp. 1-7.

DAMAINE FRANKLIN 25

Computer Security - Case Study

More Related Content

What's hot

Similar to Computer Security - Case Study

More from DamaineFranklinMScBE

Recently uploaded

Computer Security - Case Study