Introduction: not encrypted stating that only passwords were encrypted

Introduction:
The  vulnerability analysis is about the
cyber-attack that took place in May 2014 on
Ebay and was not open up to people until the  February and  March about the theft and database attack that
occurred. The attackers may have performed the phishing attacks or malware
attacks, where about 145 million people were affected from this. The attackers
tried to steal the data which included customers name, password, email address,
physical address, phone number and date of birth. This information breach
created raising awareness quickly to detect the problem.

Description
of Attack: 
The attack on the Ebay firstly came into progress in May 2014 which
compromised the employees login details. The best thing is that between
discovery and divulgence the time is short. But Ebay expected something worst
could have happened , so it eventually affected nearly 145 million people such
as their name, password, email address, physical address, phone number and date
of birth. Anyways, the company says that the passwords were stored safely and
they were encrypted but didn’t explain how, as few puzzling terms were used.
According to ebay, personal information was not encrypted stating that only
passwords were encrypted as eventually attackers could have get any other
personal information to steal. As personal information is used for many
functions such as the security and accessing of accounts. Also attackers
requires just little amount of personal information as for to resetting
passwords where many sites can be easily tricked into this.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

The information lives on two different systems as
ebay says that information was not compromised for paypal. As many people share
their passwords between accounts it is highly advised to change passwords
immediately to something very different for safety. A very high risk is
regarding the phishing attacks where fraudulent practices happen in order to
catalyse individuals to reveal personal information, such as passwords and
credit card numbers which is dangerous. Ebay will be sending notifications
about the safety actions to be taken but the best method is to access ebay’s
website directly to reset the password.  It all started when hackers took data over 145
million ebay customers by hacking 3 corporate employees. As they got the
credentials from 3 corporate employees they want to make their way eventually
to the user database. Because of this, in no time sooner hackers could access
all the email addresses and encrypted passwords belonging to all the ebay
users.

Mitigation
Steps: The cyber-attack on ebay compromised 145
million people which was one of the biggest data breach of the history. It is
important that the businesses have a certain plan to handle any possible
attacks. The plan should eventually include how it is going to work for the
customers  to update the steps they
should use for mitigation of the risks caused by the attacks.

Here firstly, right people are required for advising
in the business and it needs to cover all the basics associated with it. As
they need to know what all information it holds , who has access to it and
where it is.

Secondly, under the Data protection act there should
be a clear vision about the understanding the imperative regarding the data.
Besides, the next month a new cyber essential scheme was launched by the
government. This scheme is basically about how businesses can gain one of two
cyber essentials badges. Privacy concerns and the digital security play a
crucial role to many financial service companies and telecom providers ,
private sector as it is co-ordinating with government for some improved online
identification tools. President of the Diacc, Aran Hamilton said that everyone
has login details with the same user names and passwords which are not secured.
The digital ID and Diacc( Authentication council of Canada),  has launched the online transaction system
which identifies the purchasers through a physical card that can be tapped on a
computer.

Ebay might have protected its reputation by
informing users more effectively during and also after the attack, months have
passed between this incident and discovery and given hackers time to utilize
customer data.