Download to read offline
More Related Content
ebay_data_breach
- 1. Running Head: EBAY1 EBay Data Breach Name Institutional Affiliation Date
- 2. EBAY 2 1. TheEvent In 2014, eBay experienced one of the most significant data breaches of the 21st century that affected 145 million of its customers. The data breach exposed customer details such as; names, dates of birth, address, encrypted passwords and phone numbers. The data breach was a result of attackers using employee information to gain access to eBay’s corporate network. The breach was discovered in May 2014 and was later discovered that it had gone on for at least one month. The company later stated that it had no reason to believe that the customer passwords were compromised since the hackers would not have managed to break the encryption that protected them (Finkle, Catterjee & Maan, 2014). However, it was highly advisable that all customers change their passwords to remain on the safe side. 2. Threat Source The threat source in the case of eBay was a structural threat. Structured threats are organized actions to breach a specific network or organization. In the case of eBay, the attackers organized the attack by first phishing log-in credentials from a group of employees. The attackers then targeted the company's corporate network where they were able to access details of over 145 million customers. Type of Threat Source Although not many details were provided about the attack, external individuals and organizations are believed to have been the threat source. Their aim is always to access important customer details through which they can send phishing e-mails to gain access to other important accounts, such as bank accounts, which they may steal information and money. Their information can also
- 3. EBAY 3 be soldto other parties where the groups make monetary gains. It is one of the reasons why it was recommended that customers change their passwords on eBay and any other linked accounts to ensure that the attackers would not be able to access their information. 3. Exploited Vulnerability The vulnerability exploited in this scenario was eBay’s weak security system. The system was accessed by people outside the corporation and managed to stay hidden for a month without detection. There were no changes for a significant period of time which allowed the attackers to take their time in siphoning as much information as possible. Many organization always fall victim to such attacks due to their weak and vulnerable systems. 4. Absent Controls and How they Contributed to the Breach The absent controls in this case were a strong system security that could detect intrusions and any suspicious activities. It can easily be pointed out that the employee details were able to access the entirety of the system and siphon as much information as possible (McAfee, 2014). However, such a problem can easily be solved by hiring a team of professionals that can create a better system security that has capabilities to detect such activities and report them. The team will monitor the system throughout and identify any red flags that could cause threats to the company. The team can also come up with additional measures based on vulnerabilities they identify over time. As such, the system will always be secure and its security assured through the highly qualified security team.
- 4. EBAY 4 References Finkle J,Catterjee S & Maan L (2014). EBay asks 145 million users to change passwords after cyber attack. Retrieved from https://www.reuters.com/article/us-ebay-password/ebay- asks-145-million-users-to-change-passwords-after-cyber-attack- idUSBREA4K0B420140521 McAfee(2014). How Bad is the eBay Breach? Here Are the Stats. Retrieved from https://www.mcafee.com/blogs/enterprise/cloud-security/how-bad-is-the-ebay-breach- here-are-the-stats/