Report on Information Security Breach: Americas Job Link Website

Verified

Added on 2020/02/24

AI Summary

This report examines an information security breach affecting the Americas Job Link website, a platform used for job searching. The breach, which occurred due to a fault in the application code, led to the theft of personal information, including names, birth dates, and social security numbers, of nearly 4.8 million job seekers. The report investigates the causes of the incident, the potential solutions, and the importance of website security. It highlights how hackers exploit vulnerabilities and suggests measures like software updates, server-side and browser-side validation, complex passwords, and encryption to prevent such attacks. Additionally, the report mentions security tools like Netsparker, OpenVAS, and SecurityHeader.io that can be used to safeguard websites against breaches. The conclusion emphasizes the critical role of security in protecting sensitive data stored in databases and preventing potential harm to websites and users.

Running head: INFORMATION SECURITY
INFORMATION SECURITY
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

2INFORMATION SECURITY
Table of Contents
Introduction......................................................................................................................................3
How and why did the situation arise?..............................................................................................3
Possible solution to the problem......................................................................................................3
Conclusion.......................................................................................................................................5
References........................................................................................................................................6

3INFORMATION SECURITY
Introduction
The security aspect of any website plays a vital role in every sphere. The data involved in
the website as in the database should be kept secured and kept active all the time. America’s job
link is a web based portal that is mainly used by people to connect with organization in order to
get a job. The company revealed that their system was hacked which actually lead to fault in the
code of application (Fennelly, 2016).
This report puts lime light on the whole scenario and deals with the aspect that how and
why the situation occurred and what could have been the possible solution.
How and why did the situation arise?
The website was formed in order to achieve jobs and help people to get job. The
company reported that the hacker was able to hack the website would immediately lead to fault
in the application code of the website. The criminal was able to get all the personal information
of nearly 4.8 million job seekers which included mainly their full name, birth date and security
number related to social. The activity took place in the year 2017. The person who had given all
the related information before the attack was eventually lost and they had to again give the
information in order get the proper intended result. The activity was uncovered in the ten states
that mainly used the Americas job link system. Some of states that were in the list are Arkansas,
Delaware, Idaho, Kansas, Oklahoma and Vermont (Fonseca & Rosen, 2017).
Possible solution to the problem
It can be noted that almost all the times it has been seen that majority of the website
security breaches are mainly not done in order to get the data and use them for the personal

4INFORMATION SECURITY
benefit of the hacker, but the main motive behind the attack is that they intent to use the server in
order to send emails relay for spam or in order to set up a web server which would be temporary
in order to serve files which are of illegal nature (Cutinha et al., 2017) There can be many ways
in order to protect the website or in this case possible solution of the event. Keeping all the
software up to data and installing all the security patches available in order to keep all the data
secured. Validation should always be done both from the servers end as well as from the
browsers end. The aspect of password plays a vital role in securing any account. The user should
always keep a complex password which cannot be easily detected by any other person. The
password should always be stored as encrypted values; this can be done by implementing a one
way hashing function for example SHA. Using this method means with the prospective of the
user authenticating users, the user only ever comparing the encrypted values (Dadkhah,
Borchardt & Lagzian, 2017).
Uploading a file in a website, in this case uploading the bio data should be believed to be
the most important aspect which can be directly related to website security breach, even if it is
merely done to change an individual’s avatar. Opening a file or reading a pdf or using any sort of
function which can be done in order to check the image size are not at all proof (Patel &
Pathrabe, 2017).
There are many tools which are available that can be used in order to safe guard a
website. The tools are as follows
1. Netsparker: This is good for testing SQL injection and XSS.
2. OpenVAS: It is claimed to be the most advanced source which is considered as open
software. The main advantage that can be received by this is that it is good for testing known as

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

5INFORMATION SECURITY
vulnerability, currently which scans over 25000. On the other hand its set up is difficult as it
requires a OpenVAS server which only run on linux system (Ramayah et al., 2016)
3. SecurityHeader.io: A tool which can be used to report quickly which security headers
such as CSP and HSTS a domain has correctly configured and enabled.
Conclusion
The security aspect of any website can be considered as one of the most important
aspects. There is usually a huge amount of data which is stored in a database; in case a breach is
performed by a hacker on the system it could lead to a big problem even the website could be on
harm. The security aspect can be employed in the field which can be directly implemented and
taken advantage of. The hacker intends to breach in order to gain benefit for their personal issue
but with the implementation of the security features it can be avoided.

6INFORMATION SECURITY
References
Cutinha, S., Rodrigues, S., Sanjay, P., & Supreetha, R. (2017). Connectify-A Social Networking
Website. Advances in Computing, 7(2), 35-39.
Dadkhah, M., Borchardt, G., & Lagzian, M. (2017). Do You Ignore Information Security in
Your Journal Website?. Science and engineering ethics, 23(4), 1227-1231.
Fennelly, L. (2016). Effective physical security. Butterworth-Heinemann.
Fonseca, B., & Rosen, J. D. (2017). Introduction. In The New US Security Agenda (pp. 1-15).
Springer International Publishing.
Patel, P. P. R. P. V., & Pathrabe, T. (2017). Survey of Privacy and Security Issues in Spice
World E-Commerce Website.
Ramayah, T., Ling, N. S., Taghizadeh, S. K., & Rahman, S. A. (2016). Factors influencing SMEs
website continuance intention in Malaysia. Telematics and Informatics, 33(1), 150-164.