Cyber Security Incident: Literature Review on the eBay Data Breach
Added on 2023/01/19
AI Summary
This report presents a literature review focused on the 2014 eBay cyber security incident, where a data breach compromised the personal information of 145 million users. The review examines the background of eBay, the incident's description, and the analysis from a security management perspective. It delves into the vulnerabilities that led to the breach, including employee credentials and inadequate security measures. The report discusses the incident's impact, including the need for password resets and the potential for phishing attacks. Furthermore, it analyzes the communication strategies employed by eBay following the crisis and offers opinions on the incident, emphasizing the importance of proactive security measures and employee training. The conclusion summarizes the key findings and offers suggestions for improving cyber security practices, such as data encryption, enhanced transaction controls, and proactive vulnerability assessments, to prevent future incidents. The report highlights the necessity of a comprehensive approach to cyber security, involving both technical safeguards and employee awareness.

Running head: LITERATURE REVIEW ON CYBER SECURITY
LITERATURE REVIEW ON CYBER SECURITY OF EBAY
Name of the Student
Name of the University
Author note

Abstract
In this literature review we have evaluated the eBay hack case: although eBay confirmed several attempts on its network, it might have taken further steps. The review focuses on an incident that breached eBay's security system in May 2014 and evaluates the precautionary steps that were lacking in the system. Implementing better security walls in the network secures the transactions between eBay employees and customers. The security measures, the background of the incident, and its description, together with an analysis from the security management point of view, are evaluated in this report.
Table of Contents
Introduction
Discussion
  Background of the company and the incident
  Incident Description
  Analysis of the incident from the security management point of view
  Opinion on the eBay hack case
Conclusion
Suggestion
References
Introduction:
The aim of this literature review is to focus on a cyber security incident that breached valuable information of the customers and the organization. The project also evaluates the need for cyber security in every organization that deals with customer information. Cyber security refers to the process of protecting internet-connected systems [11]. It also includes the protection of hardware, software and data from web attacks, commonly known as cyber attacks, and the prevention of unauthorized access to data in data centers. This literature review will also evaluate the cyber security incident of the eBay data theft hack that happened in a series during the years 2014 and 2015.
Discussion:
Background of the company and the incident:
eBay is a multinational e-commerce company located in San Jose, California, United States of America. The company facilitates sales for consumers all over the world through its own website. Pierre Omidyar founded eBay in 1995, and it became a remarkable business success story. eBay is now a multi-billion dollar business that operates in around 30 countries [2]. The company manages its own website, the eBay website, which works as an online auction and shopping website. On this website people and businesses are able to buy and sell a wide range of goods and offer a wide range of services worldwide. The website is free for buyers to access and use. They only have to log in and create their own shopping profiles, which can be created free of cost, but sellers are charged fees for listing their items after a limited number of free listings, and again when those items have been sold. Besides the original auction conducted by eBay, there is an eBay-style sales department; the website has come up with a new facility, the Buy It Now option for customers, which has brought great expansion and fame to the organization globally. Universal Product Code, ISBN or other shopping of SKU numbers, online classified advertising, online trading of event
tickets, and other services are made available to users globally. eBay, a wholly-owned eBay subsidiary from 2002 to 2015, has previously offered online money transfers as part of its services.
On May 21, 2014, the company found that between late February and early March the consumer database of usernames, passwords, phone numbers and physical addresses was infringed [1]. Users were advised to change their passwords after the incident came to the news and public notice. The user profiles that have not yet done so have been given a change password feature to speed this up. The Syrian Electronic Army (SEA) claimed responsibility for the assault, as the SEA itself stated [3].
Incident Description:
The first report mentioning the attacks came from eBay's headquarters in San Jose, California, United States, on May 21, 2014. The eBay security breach affected a population of 145 million users [4]. The hacker was able to access eBay's network through the login credentials of an employee and gain access to information such as usernames, passwords, physical addresses, telephone numbers and birth dates. The hacker(s) also had passwords available, but the likelihood that they would be compromised is low because the passwords were in encrypted form. According to IT consultants, the larger the company and the more assets it has and depends on, the more difficult it is to discuss exactly how the security breach occurred. There was a lack of a separate small team created and maintained to manage small segments of the organization, such as maintaining the company's firewall, which was most needed in this case. Creating a top-down and bottom-up communication structure to report on the status of such assets is key to preventing future data breaches for an organization. Because of the security breach, eBay requested users to change their passwords. Users were asked to change their passwords because it may be possible for the hacker to access the user's eBay account, or other accounts using the same password. Although financial information has not been taken, it is important to note that eBay was then in the spotlight,
given the latest infringement at Target, and was under a magnifying glass on how to handle crisis
management.
Analysis of the incident from the security management point of view:
The hacking of eBay put at risk the private information of its users and the communication strategy that eBay subsequently used to connect with those users. Four main topics are explored in this research, which is directly related to the hacking incident and its consequences for eBay users. One is the better communication strategies that eBay could have used after the crisis. These strategies could have focused on how eBay rebuilds its users' confidence and how eBay can avoid future incidents such as this kind of hacker attack. This research report aims to evaluate and demonstrate the relevance of online websites and their trust, privacy, transparency and security, to identify how online consumer behavior changes after breach incidents, and to outline better communication strategies to be used after a crisis caused by hacking. A quantitative methodology was developed to understand the consequences of the hacking crisis on eBay and to identify better communication strategies that the company could have used. Low maintenance and security vigilance on the server side that can access the database is the key factor that led to the hackers' intrusion into the network and, in turn, to their access to the database [12]. The Australian Information Security Association (AISA) has stated that the compromise of eBay's log-in credentials emphasizes that the bulk of an information security budget was no longer working to combat external threats. The data leak originated from employees, through intentional theft or through the exposure of lost or stolen devices. Poorly managed privileged credentials increasingly leave organizations as vulnerable as a firewall hole, and sensitive information can easily end up in the wrong hands. If financial data had been kept together with passwords and personal customer details, the eBay compromise could have been worse. Because eBay usernames, physical addresses, email addresses, dates of birth and phone numbers were included in the database, this infringement opens the possibility for other types of scams such as phishing attempts. This provides server and network administrators with an important reminder that security is the responsibility of all. It is clear that the security of their online accounts is the responsibility of all users [9]. As we continue to shift
more of our daily tasks to online services, and with an increasing number of threat vectors that can be used by bad guys, we cannot rely solely on a strong password to keep data and accounts secure. From the security management point of view, eBay officials should have followed the three parameters of managing online data security [7]. Control of employee access, segregation of the key systems, and management of personal passwords are the key parameters of security.
Opinion on the eBay hack case:
There are plenty of security measures, such as gesture analytics and user and entity behavior analytics, that can significantly reduce the risk of fraudulent payments after the hack of credentials from the eBay sites. These measures must be implemented by eBay; the use of proper detection measures and preventive steps could have resisted the kind of fraud that was committed through the use of vigorous malware. The organization previously warned that this new discovery shows that the malware used in the previously reported customer incident was not a single incident, but part of a wider and highly adaptive banking campaign. The system managers neglected many areas of threat without sensing the vulnerability of the system to attack by hackers. The casual behavior towards the safety of their gateway portal has created much nuisance [6]. eBay is in charge of the network. It is the responsibility of anyone who originates or sends payments to ensure that they do not click on malicious links or phishing emails, that they do not have any malware on their systems, and that those systems are well defended against cyber threats [8]. On further investigation it was also found that employees at these banks appear to have been recruited on the dark web by criminals [4]. This is becoming a very common event. Disgruntled employees working with cyber criminals constitute a vital threat to the eBay server and the credential lists [5]. The employees help cyber criminals learn about the complex internal functioning of bank payment systems. There was no intention to change or upgrade their existing systems, despite knowing the importance of the job that is done in their organization.
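The user and entity behavior analytics mentioned above can be illustrated on this incident's scenario, in which an employee login is used to read the customer database. The following Python example is added here and is not part of the original report or of any eBay system; the account names, host names, audit records and thresholds are all constructed assumptions.

```python
"""Per-account behavioural baseline for employee access to a customer database.

All records below are constructed for this example; account names, host names,
volumes and thresholds are assumptions, not data from the eBay incident.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# (ISO timestamp, employee account, source host, customer rows read)
HISTORY = [
    ("2024-03-04T09:12:00", "emp_alice", "ws-sj-0142", 120),
    ("2024-03-05T10:40:00", "emp_alice", "ws-sj-0142", 95),
    ("2024-03-06T14:05:00", "emp_alice", "ws-sj-0142", 150),
    ("2024-03-07T11:30:00", "emp_alice", "ws-sj-0142", 110),
    ("2024-03-08T16:20:00", "emp_alice", "ws-sj-0142", 130),
    ("2024-03-04T08:55:00", "emp_bob", "ws-sj-0077", 40),
    ("2024-03-05T09:30:00", "emp_bob", "ws-sj-0077", 55),
    ("2024-03-06T13:10:00", "emp_bob", "ws-sj-0077", 35),
    ("2024-03-07T15:45:00", "emp_bob", "ws-sj-0077", 60),
]

NEW_EVENTS = [
    ("2024-03-11T10:15:00", "emp_alice", "ws-sj-0142", 140),      # routine work
    ("2024-03-11T02:47:00", "emp_alice", "vpn-ext-203", 250000),  # bulk read at night
    ("2024-03-11T17:05:00", "emp_bob", "ws-sj-0077", 50),         # a little late only
    ("2024-03-12T03:10:00", "emp_bob", "vpn-ext-203", 45),        # new host at night
]


def build_baseline(history):
    """Learn, per account, the usual hosts, working hours and read volume."""
    hosts, hours, rows = defaultdict(set), defaultdict(list), defaultdict(list)
    for ts, account, host, n_rows in history:
        hosts[account].add(host)
        hours[account].append(datetime.fromisoformat(ts).hour)
        rows[account].append(n_rows)
    baseline = {}
    for account, volumes in rows.items():
        med = median(volumes)
        # Median absolute deviation: robust spread that one large read cannot skew.
        mad = median(abs(v - med) for v in volumes) or 1.0
        baseline[account] = {
            "hosts": hosts[account],
            "hours": (min(hours[account]), max(hours[account])),
            "median": med,
            "mad": mad,
        }
    return baseline


def score_event(baseline, event, volume_threshold=6.0):
    """Return the list of reasons an event deviates from its account's baseline."""
    ts, account, host, n_rows = event
    profile = baseline.get(account)
    if profile is None:
        return ["no_baseline"]
    reasons = []
    if host not in profile["hosts"]:
        reasons.append("new_source_host")
    earliest, latest = profile["hours"]
    if not earliest <= datetime.fromisoformat(ts).hour <= latest:
        reasons.append("outside_usual_hours")
    if (n_rows - profile["median"]) / profile["mad"] > volume_threshold:
        reasons.append("bulk_read")
    return reasons


def detect(history, new_events, min_reasons=2):
    """Alert on events with several deviations, or from accounts never seen before."""
    baseline = build_baseline(history)
    alerts = []
    for event in new_events:
        reasons = score_event(baseline, event)
        if len(reasons) >= min_reasons or reasons == ["no_baseline"]:
            alerts.append((event[1], event[0], reasons))
    return alerts


if __name__ == "__main__":
    for account, when, reasons in detect(HISTORY, NEW_EVENTS):
        print(f"ALERT {account} at {when}: {', '.join(reasons)}")
```

Requiring at least two deviations keeps a single late login from raising an alert, while a valid password used from an unfamiliar host at an unusual hour is still flagged even when the read volume looks normal.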
Conclusion:
In this literature review we can conclude that although eBay confirmed several attempts on its network and also alerted its customers, it might have taken some extra precautionary steps. eBay should provide safety guidelines not only for its own network but also for its customers, and should periodically review the status in order to penalize the employees or responsible teams that do not adhere to the clause [6]. Security must be integrated into the central server of eBay right from its headquarters. The only solution is to have independent cyber security penetration testing by regulators that take seriously any gap or vulnerability in the BFSI sector and then prosecute them [10].
Suggestion:
It will be safer to encrypt consumer data in the database and keep the key. Review the controls for foreign transactions, isolate them from other systems, and implement high-risk controls and a warning system or dashboard to review them. In the event of an attack, report to regulators and central bodies instead of identifying vulnerabilities silently [8]. Vulnerability assessments should be conducted by the BFSI sector. They should always conduct penetration tests for real security rather than conformity.
References:
[1] J. Pagliery. Ebay customers must reset passwords after major hack. 2014.
[2] L. Kelion. eBay makes users change their passwords after hack. 2014. Retrieved January 28, 2018.
[3] J. Sidhu, R. Sakhuja, and D. Zhou. Attacks on Ebay.
[4] W. T. Teo, T. K. Toh, and H. H. Chung, Advanced Network Technology Laboratories Pte Ltd. System and method for securing a network session. U.S. Patent 9,112,897. 2015.
[5] P. Coggin. Bending and Twisting Networks. BSides Vienna.
[6] M. R. Randazzo, M. Keeney, E. Kowalski, D. Cappelli, and A. Moore. Insider threat study: Illicit cyber activity in the banking and finance sector (No. CMU/SEI-2004-TR-021). Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst. 2005.
[7] R. W. Thompson, International Business Machines Corp. Tracking file contents. U.S. Patent Application 13/613,318. 2013.
[8] A. Saullo and D. Guttadoro. Data protection in policy evolution: management of base and surface encryption layers in OpenStack Swift. 2016.
[9] A. Almomani, B. B. Gupta, S. Atawneh, A. Meulenberg, and E. Almomani. A survey of phishing email filtering techniques. IEEE Communications Surveys & Tutorials, 15(4), pp. 2070-2090. 2013.
[10] F. S. Tsai and K. L. Chan. Detecting cyber security threats in weblogs using probabilistic models. In Pacific-Asia Workshop on Intelligence and Security Informatics (pp. 46-57). Springer, Berlin, Heidelberg. April 2007.
[11] R. Von Solms and J. Van Niekerk. From information security to cyber security. Computers & Security, 38, 97-102. 2013.
[12] D. E. Harmon. Cyber Attacks, Counterattacks, and Espionage. The Rosen Publishing Group, Inc. 2016.