INTRODUCTION: the personal information stored in the eBay database

INTRODUCTION:  The following analysis is about the attack
that took place in May 2014 on eBay. The hackers stole the eBay staff credentials,
as they had the access to the database, so they had the customer name, password
which was in the encrypted form, email address, physical address, phone number
and date of birth. eBay said that the encrypted passwords were stored in the
hash format. The officials said they didn’t wanted to reveal their algorithm. Though
the passwords were encrypted, the personal information stored in the eBay
database was not encrypted. So, the attackers had the complete personal
information which could affect 145 million people. Attackers can sell this
personal information and can be misused. This attack is one of the biggest data
breaches in the 16th century.


DESCRIPTION OF THE ATTACK: The attack on eBay happened on May 2014 where the attackers
had the access to the eBay database by using the credentials of three employees
and it was not discovered until two weeks. They had the employee credential for
229 days. During that, they made their way to the database. eBay confessed that
its financial information is stored separately. eBay also own PayPal. So, they stated
that its information is stored separately and there is no threat to that
information. Reason for this attack can be phishing. A fake e-mail was sent to
log in and reset password which must be similar to original and convinced to
change password which may have resulted in the attack. Phishing is one of the
social engineering attacks in which information is stolen by acting as a trusted
entity and tricks the user into an email or a message. Later user is tricked
into opening a malicious link which installs a software as soon as the user
clicks the malicious link. As soon as the attackers had access to the eBay
database, they stole 145 million users personal information like email address,
physical address, phone number and date of birth. This eBay attack is
considered as one of the biggest cyber breaches.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now


MITIGATION STEPS: The cyber-attack on eBay was the biggest data breach in which
compromised 145 million customers personal information. According to the
officials, no financial information of the customers such as credit card was
compromised. But the biggest issue was the privacy of customer’s data such as
name, phone number, date of birth through the password was stored in the
encrypted hashed form. This information can be misused by the attackers as they
can sell the data to someone. They can use this information on other websites
and try to trick them.

Some of the best ways to avoid
phishing attacks are to reduce opening sites by clicking the link, installing
an anti-phishing toolbar which checks whether the site is legitimate or not
before opening and does not share personal information over the internet. Also,
one should be careful about pop-ups which act as a legitimate website. The
netsparker also suggested customers increase an extra layer of security which
is the two-factor authentication which has the possibility to avoid the attack.
But, there is no guarantee that the attacker can’t access the information about


I'm Dianna!

Would you like to get a custom essay? How about receiving a customized one?

Check it out