In 2014, eBay experienced one of the most significant data breaches of the 21st century that affected 145 million of its customers. The data breach exposed customer details such as; names, dates of birth, address, encrypted passwords and phone numbers. The data breach was a result of attackers using employee information to gain access to eBay’s corporate network. The breach was discovered in May 2014 and was later discovered that it had gone on for at least one month. The company later stated that it had no reason to believe that the customer passwords were compromised since the hackers would not have managed to break the encryption that protected them (Finkle, Catterjee & Maan, 2014). However, it was highly advisable that all customers change their passwords to remain on the safe side.
Z Score,T Score, Percential Rank and Box Plot Graph
ebay_data_breach
1. Running Head: EBAY 1
EBay Data Breach
Name
Institutional Affiliation
Date
2. EBAY 2
1. The Event
In 2014, eBay experienced one of the most significant data breaches of the 21st
century that
affected 145 million of its customers. The data breach exposed customer details such as; names,
dates of birth, address, encrypted passwords and phone numbers. The data breach was a result of
attackers using employee information to gain access to eBay’s corporate network. The breach
was discovered in May 2014 and was later discovered that it had gone on for at least one month.
The company later stated that it had no reason to believe that the customer passwords were
compromised since the hackers would not have managed to break the encryption that protected
them (Finkle, Catterjee & Maan, 2014). However, it was highly advisable that all customers
change their passwords to remain on the safe side.
2. Threat Source
The threat source in the case of eBay was a structural threat. Structured threats are organized
actions to breach a specific network or organization. In the case of eBay, the attackers organized
the attack by first phishing log-in credentials from a group of employees. The attackers then
targeted the company's corporate network where they were able to access details of over 145
million customers.
Type of Threat Source
Although not many details were provided about the attack, external individuals and organizations
are believed to have been the threat source. Their aim is always to access important customer
details through which they can send phishing e-mails to gain access to other important accounts,
such as bank accounts, which they may steal information and money. Their information can also
3. EBAY 3
be sold to other parties where the groups make monetary gains. It is one of the reasons why it
was recommended that customers change their passwords on eBay and any other linked accounts
to ensure that the attackers would not be able to access their information.
3. Exploited Vulnerability
The vulnerability exploited in this scenario was eBay’s weak security system. The system was
accessed by people outside the corporation and managed to stay hidden for a month without
detection. There were no changes for a significant period of time which allowed the attackers to
take their time in siphoning as much information as possible. Many organization always fall
victim to such attacks due to their weak and vulnerable systems.
4. Absent Controls and How they Contributed to the Breach
The absent controls in this case were a strong system security that could detect intrusions and
any suspicious activities. It can easily be pointed out that the employee details were able to
access the entirety of the system and siphon as much information as possible (McAfee, 2014).
However, such a problem can easily be solved by hiring a team of professionals that can create a
better system security that has capabilities to detect such activities and report them. The team
will monitor the system throughout and identify any red flags that could cause threats to the
company. The team can also come up with additional measures based on vulnerabilities they
identify over time. As such, the system will always be secure and its security assured through the
highly qualified security team.
4. EBAY 4
References
Finkle J, Catterjee S & Maan L (2014). EBay asks 145 million users to change passwords after
cyber attack. Retrieved from https://www.reuters.com/article/us-ebay-password/ebay-
asks-145-million-users-to-change-passwords-after-cyber-attack-
idUSBREA4K0B420140521
McAfee(2014). How Bad is the eBay Breach? Here Are the Stats. Retrieved from
https://www.mcafee.com/blogs/enterprise/cloud-security/how-bad-is-the-ebay-breach-
here-are-the-stats/