Yahoo Data Breach Case Assignment
9 Pages3207 Words30 Views
Added on 2022-07-28
About This Document
Attached is the description for the assignment. Preferably 7 references
Yahoo Data Breach Case Assignment
Added on 2022-07-28
ShareRelated Documents
Running head: SECURITY BREACH
Security Breach
Name of the Student:
Name of the University:
Author note:
Security Breach
Name of the Student:
Name of the University:
Author note:
SECURITY BREACH1
Table of Contents
Introduction:....................................................................................................................................2
Yahoo Data Breach Case: How the attack has taken place.............................................................2
System vulnerabilities......................................................................................................................2
People Responsible:.........................................................................................................................2
Was it avoidable..............................................................................................................................3
Role of Cyber Insurance in Risk Mitigation:...................................................................................3
Background of the cases:.................................................................................................................3
Similarities between the two data breaches.....................................................................................4
Differences in the data breaches......................................................................................................4
Lesson learnt by the Companies from each other:...........................................................................5
Reflection:........................................................................................................................................6
References:......................................................................................................................................7
Table of Contents
Introduction:....................................................................................................................................2
Yahoo Data Breach Case: How the attack has taken place.............................................................2
System vulnerabilities......................................................................................................................2
People Responsible:.........................................................................................................................2
Was it avoidable..............................................................................................................................3
Role of Cyber Insurance in Risk Mitigation:...................................................................................3
Background of the cases:.................................................................................................................3
Similarities between the two data breaches.....................................................................................4
Differences in the data breaches......................................................................................................4
Lesson learnt by the Companies from each other:...........................................................................5
Reflection:........................................................................................................................................6
References:......................................................................................................................................7
SECURITY BREACH2
Introduction:
Information is one of the most significant assets of any company. In this report, we will
discuss about such information and data breaches in the company which has led to a massive
compromisation of the data.
Yahoo Data Breach Case: How the attack has taken place
In 2013, Yahoo witnessed one of the most devastating data breaches in the company,
where near about 3 million Yahoo accounts were hacked. The company databases are the
storehouse of the most crucial and sensitive information. These sets of data consist of the
information like the customer data, transaction details, passwords of the Yahoo Account, and
many other employees and customer details which if stolen can lead to major issues in the future.
However, the integrity of the data is lost due to this (Cheng, Liu and Yao 2017). With the third
party having full access to the data, the information of the customers is no longer considered to
be safe with Yahoo, the initial face of the internet.
The attack occurred in the form of spear-phishing. This attack is an e-mail scam that has
taken place in the company. Here, the hacker or the attacker sends an e-mail in which there is a
malicious file. Opening that file may redirect to a page which is which may look genuine.
However, while the link or the file is running in the system, the information present in the system
along with the user’s credentials are harvested by the hacker. Before the concerned person is
aware of the fact, the job of the hacker is already done. Here, the electronic mails were sent to
the employees of the organization. However, it was not clear from the investigation of how many
emails were sent (Manworren, Letwat and Daily 2016).
System vulnerabilities:
As mentioned earlier, the company databases are the storehouses of the data. The Yahoo
Database consisted of an innumerable amount of credentials of various employees as well as the
customers who used the search engine for availing their day to day activities along with a
cryptographic value which is entirely exclusive to each account. The credentials consisted of the
financial details of a customer, passwords, often consists of the details of the bank accounts
required for performing online transactions and many more (Crabb 2017). These are sensitive
data which can be used for accessing a personal system and extracting information out of them.
Money can be removed from the accounts of the individuals, or selling them out and misusing
them and extortion as well. With the encryption key in their hands, they were able to decrypt all
the confidential data of the customers present in the system (Thielman 2016).
People Responsible:
As per the reports, the investigation team suspected the Russian government for the
attack. However, the matter was not proven to until the next year that is 2016, when then the FBI
identified the four people who were involved in the attack of 2013 in Yahoo. The two of them
are the Russia Spies. Aleksey Belan, the Latvian Hacker, was the first one to be involved in this
system of hacking. He looked around in the networks for the account management tool of the
company and the database holding the information of the customers. These are the major aspect
of the system which initiated the hack. With the help of this, he was successful in creating a
backdoor in the Yahoo system server (Trautman and Ormerod 2016). With all the necessary
information gathered, Belan directed his fellow commercial hacker. Karim Baratov to initiate the
Introduction:
Information is one of the most significant assets of any company. In this report, we will
discuss about such information and data breaches in the company which has led to a massive
compromisation of the data.
Yahoo Data Breach Case: How the attack has taken place
In 2013, Yahoo witnessed one of the most devastating data breaches in the company,
where near about 3 million Yahoo accounts were hacked. The company databases are the
storehouse of the most crucial and sensitive information. These sets of data consist of the
information like the customer data, transaction details, passwords of the Yahoo Account, and
many other employees and customer details which if stolen can lead to major issues in the future.
However, the integrity of the data is lost due to this (Cheng, Liu and Yao 2017). With the third
party having full access to the data, the information of the customers is no longer considered to
be safe with Yahoo, the initial face of the internet.
The attack occurred in the form of spear-phishing. This attack is an e-mail scam that has
taken place in the company. Here, the hacker or the attacker sends an e-mail in which there is a
malicious file. Opening that file may redirect to a page which is which may look genuine.
However, while the link or the file is running in the system, the information present in the system
along with the user’s credentials are harvested by the hacker. Before the concerned person is
aware of the fact, the job of the hacker is already done. Here, the electronic mails were sent to
the employees of the organization. However, it was not clear from the investigation of how many
emails were sent (Manworren, Letwat and Daily 2016).
System vulnerabilities:
As mentioned earlier, the company databases are the storehouses of the data. The Yahoo
Database consisted of an innumerable amount of credentials of various employees as well as the
customers who used the search engine for availing their day to day activities along with a
cryptographic value which is entirely exclusive to each account. The credentials consisted of the
financial details of a customer, passwords, often consists of the details of the bank accounts
required for performing online transactions and many more (Crabb 2017). These are sensitive
data which can be used for accessing a personal system and extracting information out of them.
Money can be removed from the accounts of the individuals, or selling them out and misusing
them and extortion as well. With the encryption key in their hands, they were able to decrypt all
the confidential data of the customers present in the system (Thielman 2016).
People Responsible:
As per the reports, the investigation team suspected the Russian government for the
attack. However, the matter was not proven to until the next year that is 2016, when then the FBI
identified the four people who were involved in the attack of 2013 in Yahoo. The two of them
are the Russia Spies. Aleksey Belan, the Latvian Hacker, was the first one to be involved in this
system of hacking. He looked around in the networks for the account management tool of the
company and the database holding the information of the customers. These are the major aspect
of the system which initiated the hack. With the help of this, he was successful in creating a
backdoor in the Yahoo system server (Trautman and Ormerod 2016). With all the necessary
information gathered, Belan directed his fellow commercial hacker. Karim Baratov to initiate the
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
JP Morgan Data Breachlg...
|5
|722
|96
Analysis Of Corporation Breacheslg...
|5
|603
|14
Computer Security Breaches (2017) Name of the University Authorlg...
|10
|2520
|395
One of the Privacy Violation Incidence of Yahoolg...
|6
|2097
|434
Information Security : Assignmentlg...
|11
|2578
|35
Analysis of Security Issueslg...
|6
|1303
|286