INTRODUCTION: The following analysis covers the attack that took place on eBay
in May 2014. The hackers stole eBay staff credentials and accessed the
database, which gave them customer names, passwords (in encrypted form), email
addresses, physical addresses, phone numbers and dates of birth. One advantage
is that the encrypted passwords were stored in hashed form. eBay officials said
they did not want to reveal their algorithm, as it would then be public.
Although the passwords were encrypted, the personal information stored in the
eBay database was not, and the attackers took full advantage of this and stole
all the personal information, which affected 145 million people. Attackers can
sell this personal information, and it can be misused: details such as name and
phone number can be used to trick users. This attack is considered to be one of
the biggest data breaches in the 16th century.


DESCRIPTION OF THE ATTACK: The attack on eBay happened in May 2014. The
attackers gained access to the eBay database by using the credentials of three
employees, and it was not known until two weeks later. They had the employee
credentials for 229 days. During this period, they made their way to the
database. eBay confessed that its financial information is stored separately.
eBay also owns PayPal, so it stated that its information is stored separately
and there is no threat to that

The reason for this attack can be phishing. A fake e-mail asking the recipient
to log in and reset their password was sent, similar to the original and
convincing enough to make them change the password, which resulted in the
attack. Phishing is a social engineering attack in which information is stolen
by an attacker who poses as a trusted entity and tricks the user through an
email or a message. The user is then tricked into opening a malicious link,
which installs software as soon as it is clicked. As soon as the attackers had
access to the eBay database, they stole the personal information of 145 million
users, such as email address, physical address, phone number and date of birth.
This eBay attack is considered one of the biggest cyber breaches.


MITIGATION STEPS: The cyber-attack on eBay was the biggest data breach in which
145 million customers' personal information was at stake. According to the
officials, no financial information of the customers, such as credit cards, is
under threat.

But the major issue was the customers' personal data, such as name, phone
number and date of birth, though the password was stored in encrypted, hashed
form. This information can be misused by the attackers, as they can sell the
data to someone. They can use this information on other websites and try to
trick them.

Some of the best ways to avoid phishing attacks are to cut down on opening
sites by clicking links, to install an anti-phishing toolbar that checks
whether a site is legitimate before opening it, and not to share personal
information over the internet. Also, one should be careful about pop-ups that
pose as a legitimate website.
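
A sketch of the kind of legitimacy check such a toolbar could perform before a link is opened, added here as an example and not taken from eBay or any real product. The trusted-domain list, the brand words and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the domains treated as legitimate and the
# brand words a fake "log in and reset your password" link would imitate.
TRUSTED_DOMAINS = ("ebay.com", "paypal.com")
BRAND_WORDS = ("ebay", "paypal")


def classify_link(url):
    """Classify a link as 'trusted', 'suspicious' or 'unknown'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        userinfo = (parts.username or "").lower()
    except ValueError:  # malformed URL: do not trust it
        return "suspicious"

    # Only the end of the host name decides where the browser really goes.
    on_trusted_domain = any(
        host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS
    )
    # Text before '@' is never the destination, so a trusted link has none.
    if on_trusted_domain and parts.scheme == "https" and not userinfo:
        return "trusted"

    # The brand is shown, but the link does not lead to it over HTTPS.
    imitates_brand = any(w in host or w in userinfo for w in BRAND_WORDS)
    if imitates_brand or on_trusted_domain:
        return "suspicious"
    return "unknown"


def suspicious_links(urls):
    """Return the links that should be blocked or warned about."""
    return [u for u in urls if classify_link(u) == "suspicious"]


# Constructed sample links, as they might appear in a password-reset e-mail.
SAMPLE_LINKS = [
    "https://signin.ebay.com/reset",
    "http://signin.ebay.com.account-verify.example/reset",
    "https://www.ebay.com@203.0.113.7/login",
    "https://ebay-password-reset.example/",
    "https://news.example.org/article",
    "http://www.ebay.com/reset",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):10} {link}")
```

The substring match on brand words is deliberately strict and will also flag unrelated hosts that happen to contain them, so a real deployment would pair it with a reviewed allowlist.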

Netsparker also suggested that customers add an extra layer of security,
two-factor authentication, which has the possibility to avoid the attack. But
there is no guarantee that the attacker can't access the information about
that.