Milestone
[Name of the Writer]
[Name of the Institution]
Section # 1
Introduction
eBay Inc. is a US-based multinational e-commerce corporation headquartered in San Jose, California. The company facilitates business-to-business and consumer-to-consumer sales through its website. eBay became a notable success story of the dot-com bubble, with strong business growth and an increasing customer base. In 2014, the company suffered a major data breach in which hackers compromised the accounts of around 150 million eBay users. This data breach occurred in late 2014 but was reported by the company during 2016. In the breach, the hackers obtained names, email addresses, phone numbers, passwords, dates of birth, and some security questions. Every data breach has adverse impacts on the person or organization whose data has been stolen, but the eBay data breach was found to be among those that most badly affected the company.
The breach was especially damaging. Hacking an organization's data, such as its business information, is harmful and is considered illegal and unethical, but its impact usually falls on the hacked organization itself. The eBay breach, by contrast, affected the company through the loss of valued, high-potential customers, and it also affected people and communities because their critical information was captured (Business Insider, 2019). Many cybercrimes could be analysed and discussed, but the eBay data breach has been chosen because it was found to be more critical and to affect more parties than some of the others, while the striking thing is that it has been considered illegal but not a criminal act.
The people involved in this breach were not a single person or hacker. Rather, a group was found to be involved in this huge data breach, in which it hacked the accounts of around 150 million users of the company (eBay).
Section # 2
Attackers and Defenders of eBay Data Breach 2014
As mentioned earlier, neither the attacker nor the defender in the eBay data breach was a single individual; a well-established organization was involved, which hacked the accounts of around 150 million eBay users. The attackers had a distinctive motive for the hack, because of which the motive, and even the hack itself, has been considered illegal but not criminal.
On the other side, the defender in this breach was also a highly professional body, and it can be stated that the breach was defended well, though only to some extent. Hence the major parties involved in this data breach are groups or organizations. Some of the available details of these groups or organizations are as follows.
The group that attacked eBay and hacked the data of 150 million users is known as the "Syrian Electronic Army" (SEA). The group claimed responsibility for attacking the company and hacking its data. It claimed responsibility after eBay reported the data breach in 2016. The main and ultimate motive of the group (SEA) was hacktivism, which is the reason the motive and the hack have not been considered criminal (Saarinen & Saarinen, 2019).
SEA is a group of computer hackers that first surfaced online in 2011. The main goal of the group is to support the government of the Syrian President. The group uses website defacement, spamming, phishing, malware and other types of attacks (Abas & Masri, 2018). It has attacked a number of opposition groups, news organizations, websites, and human rights organizations that are in conflict with the government. It has also attacked and hacked many government websites in Europe and the Middle East. The group (SEA) began openly launching cyber-attacks on its enemies in 2011.
The group (SEA) was connected with the Syrian Computer Society, which was first headed by the Syrian President Bashar Al-Assad. The group also has a registered website (Syrian-es.com). According to the main background information about the group, it has been supported by the Syrian state. Beyond that, SEA also has several links with officials in Syria, Lebanon, Iran, and Hezbollah. In 2015, American intelligence officials suspected that the group was actually Iranian.
In this breach, the biggest eBay had ever faced, the company took every possible step to defend against the attack on its users' data. The company assigned a number of groups to work on defending against the attack. Beyond that, the company took both simple and complex steps to defend itself. It also worked on improving its data protection policies and processes (Stevenson, 2018). Hence the main defender (apart from some defenders hired by eBay, which the company did not disclose, as it reported the breach in 2016 while it had happened in 2016) is eBay itself.
During and even after the breach, the company made sure to stay on top of password management. It also asked every customer, whether or not their account had been hacked, to change their account password after the attackers got hold of employees' logins and gained access to eBay customer data (BBC News, 2014).
Section # 3
Timeline of the Event (eBay Data Breach)
Throughout 2014, cybersecurity and cybercrime were a major topic of discussion. In 2014, cyber-attacks and hacking showed no sign of slowing down. Many companies, organizations, and businesses faced serious data breaches during this period (Chabrow, 2019). The data and critical information of large organizations were stolen by several hackers. The number of cybercrime events and data breaches was recognized as two times higher than in 2013. Several organizations had their data hacked, and one of them was eBay.
The attack on eBay's data was announced on the 21st of May, 2014. On this date, the company announced the security breach of its main database and asked all of its customers to change their passwords. The company made the announcement for several reasons, a major one being that the hackers had obtained eBay employees' access and employees were not able to change customers' passwords.
Timeline
A number of events occurred in the course of the eBay data breach. Each of these steps was carried out in a well-planned and highly professional manner. The details of each event in the eBay data breach of 2014, and the timeline, are as follows.
| S. No | Event Occurred | Details |
|---|---|---|
| 01 | Installation of Malware | The first event in the 2014 eBay data breach was the installation of malware by the hacking group involved. At a very early stage, they installed malware that had been developed, designed and planned for use in this particular attack. |
| 02 | Stealing the data | Another critical event on the attackers' side was stealing the basic data, that is, the data that allowed the hackers to gain access to the accounts of eBay employees. |
| 03 | Story Breaks | This is the event where the 120-page role was broken by the hackers. In this step of the attack, the database was breached between late February and early March. |
| 04 | Target Employee Accounts | The most critical and worst event for eBay in the breach was the targeting of eBay employees' accounts. This was the most crucial part of the entire event because targeting employees' accounts gave the hackers the ultimate access; for the hacking group, in turn, it was the most important step (Finkle, 2014). |
| 05 | Target 140 million accounts | After gaining access to the accounts of eBay employees, the hackers next got access to around 30% of the 150 million accounts. |
| 06 | Target customers' basic information | Next, the hackers targeted the basic information of the customers, such as their names and email addresses, etc. |
| 07 | Target data breach of all users' accounts | This was almost the last event in the eBay data breach. In this step, the hackers ultimately targeted the accounts of all 150 million eBay customers and got access to all 150 million user accounts (Wakefield, 2014). |
| 09 | Hacking the data | The last event in this data breach was the data hack. The hackers hacked eBay customers' accounts and data, such as their names, email addresses, dates of birth, and security questions. |
Section # 4
How the eBay Data Breach Could Have Been Mitigated or Prevented
Several crucial steps could have been taken to prevent such a massive breach; the most credible ones are the following.
Technical Change Solution
The event could have been prevented if the company had had security controls at both levels. Security controls were required at two levels: within applications, which includes the database, customers' applications, and application platforms, and at the system level, such as volumes and the file system (Lyne, 2014). In addition, three critical controls are needed at each of these levels.
Access control
Encryption
Monitoring of data access patterns
The joint power of the first two controls, access control and encryption, is that they exclude every user who is not authorized from accessing the data (HelpSystems, 2019). Hence, this greatly decreases the surface and access available to hackers.
Beyond that, the last but not least control (monitoring of data access patterns) enables the company to identify more quickly any unusual activity on any account, flag it for lockdown and investigation, and stop an attack on the account while it is in progress (Lyne, 2014). So through the implementation of this control, eBay could have prevented the massive data breach it faced.
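As an added illustration of the data-access monitoring control described above (this is example code written for this discussion, not code from eBay or from the sources cited), the sketch below scores each employee account's daily count of distinct customer records read against that account's own history and flags outliers for lockdown and investigation. The log format, account names, volumes and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_log():
    """Constructed sample of (day, employee_account, customer_record) reads."""
    events = []
    for day in range(1, 8):  # seven days of normal work as the baseline
        for acct, n in (("emp_alice", 40), ("emp_bob", 55)):
            events += [(day, acct, f"cust-{day}-{acct}-{i}")
                       for i in range(n + day % 3)]
    # Day 8: emp_bob's login is used to read customer records in bulk.
    events += [(8, "emp_alice", f"cust-8-a-{i}") for i in range(42)]
    events += [(8, "emp_bob", f"cust-8-b-{i}") for i in range(5000)]
    return events

def daily_distinct_reads(events):
    """Map account -> {day: number of distinct customer records read}."""
    seen = defaultdict(lambda: defaultdict(set))
    for day, acct, record in events:
        seen[acct][day].add(record)
    return {a: {d: len(r) for d, r in days.items()} for a, days in seen.items()}

def flag_accounts(events, today, min_history=5, z_limit=4.0, sigma_floor=3.0):
    """Flag accounts whose reads today far exceed their own baseline.

    The score is (today - mean) / deviation over the account's earlier days;
    sigma_floor stops very regular accounts from alerting on tiny changes.
    Thresholds are illustrative assumptions, not tuned values.
    """
    flagged = {}
    for acct, per_day in daily_distinct_reads(events).items():
        history = [n for d, n in per_day.items() if d < today]
        if len(history) < min_history:
            continue  # too little baseline to score this account
        mu = mean(history)
        sigma = max(pstdev(history), sigma_floor)
        count = per_day.get(today, 0)
        if (count - mu) / sigma > z_limit:
            flagged[acct] = {"today": count, "baseline": round(mu, 1),
                             "action": "lock account and investigate"}
    return flagged

if __name__ == "__main__":
    for acct, info in flag_accounts(build_sample_log(), today=8).items():
        print(acct, info)
```

Counting distinct records per account, rather than raw queries, is what separates a valid employee login doing routine work from the same login being used to walk the customer database.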
Beyond that, another credible technique through which the breach could have been prevented is two-factor authentication, such as a physical token which creates a one-time PIN to log in. These are among the best fits because they are technical controls, and the data breach eBay faced occurred mostly because of poor technical control over its valued and important data, even though, as an online e-commerce company, it holds a huge amount of customer data (UCSC, 2019).
Additionally, the major lessons learned from the event are that 1) an organization holding so much customer data should change and implement new procedures and controls as threats evolve, because the hacking and technology environment is changing unstoppably, 2) it should consider adding resources who know the 5 phases of ethical hacking, can think like a hacker, and can find possible entryways into the organization, and 3) it should test new policies and procedures to confirm that they are effective, so that it is protected from a hack like the one eBay faced (Roberts, 2018).
Culture Change Solution
Development of security awareness plans and training
They should create a cyber-breach response plan
Instill the concept that security belongs to all employees
eBay and the concerned management or department have to adopt a secure development lifecycle at the organization (Gonsalves, 2017).
Recognize each of the employees who support and put effort into security enhancement
Develop or build up a security community within the organization.
References
Abas, A., & Masri, A. (2018). The new face of the Syrian Electronic Army. OpenCanada. Retrieved 11 October 2019, from https://www.opencanada.org/features/new-face-syrian-electronic-army/
BBC News. (2014). eBay faces investigation over the breach. Retrieved 11 October 2019, from https://www.bbc.com/news/technology-27539799
Chabrow, E. (2019). eBay Sees Revenue Decline Due to Breach. Bankinfosecurity.com. Retrieved 11 October 2019, from https://www.bankinfosecurity.com/ebay-sees-fewer-sales-due-to-breach-a-7074
Cyber Thieves Took Data on 145 Million eBay Customers by Hacking 3 Corporate Employees. (2019). Business Insider. Retrieved 11 October 2019, from https://www.businessinsider.com/cyber-thieves-took-data-on-145-million-ebay-customers-by-hacking-3-corporate-employees-2014-5
Finkle, J. (2014). Hackers raid eBay in historic breach, access 145 million records. Reuters UK. Retrieved 11 October 2019, from https://uk.reuters.com/article/uk-ebay-password/hackers-raid-ebay-in-historic-breach-access-145-million-records-idUKKBN0E10ZL20140522
Gonsalves, A. (2017). How to protect your company from an eBay-like breach. CSO Online. Retrieved 11 October 2019, from https://www.csoonline.com/article/2158083/how-to-protect-your-company-from-an-ebay-like-breach.html
HelpSystems. (2019). eBay Breach Highlights the Value of Monitoring Security-Related Events | Helpsystems.com. Retrieved 11 October 2019, from https://www.helpsystems.com/resources/articles/ebay-breach-highlights-value-monitoring-security-related-events
Lyne, J. (2014). eBay Hacked, Bleeds Data And Why You Need To Act. Forbes.com. Retrieved 11 October 2019, from https://www.forbes.com/sites/jameslyne/2014/05/21/ebay-hacked-bleeds-data-why-you-need-to-act/#3b5497d7b6bb
Roberts, S. (2018). Learning lessons from data breaches. Network Security, 2018(11), 8-11.
Saarinen, J., & Saarinen, J. (2019). Attackers access eBay customer passwords, personal data. iTnews. Retrieved 11 October 2019, from https://www.itnews.com.au/news/attackers-access-ebay-customer-passwords-personal-data-386139
Stevenson, A. (2018). These are the 19 worst data breaches in history. Business Insider. Retrieved 11 October 2019, from https://www.businessinsider.com/target-ebay-and-ubisoft-a-list-of-the-biggest-data-breaches-in-history-2015-7#15-pinterest-number-of-records-compromised-70-million-5
UCSC. (2019). Security Breach Examples and Practices to Avoid Them. Its.ucsc.edu. Retrieved 11 October 2019, from https://its.ucsc.edu/security/breaches.html
Wakefield, J. (2014). eBay Faces Investigations over Massive Data Breach. BBC News.