Important Data Breach in the history, heading 1
Important Data Breach in the history
eBay Data Breach
One of the real-life examples describing the need for information and network security within the corporate network is eBay data breach. eBay is well-known online auction platform that is widely used all over the world.
eBay announced its massive data breach in 2014 which contained sensitive data. 145 million customers were estimated having data loss in this attack.
According to eBay, the data breach compromised the following information including:
- Customers’ names
- Encrypted passwords
- Email address
- Postal Address
- Contact Numbers
- Date of birth
These sensitive information must be stored in an encrypted form that uses strong encryption. Information must be encrypted, instead of being stored in plain text. eBay claims that no information relating to Security numbers like credit cards information was compromised, although identity and password theft can also cause severe risk.
eBay database containing financial information such as credit cards information and other financial related information are claimed to be kept in a separate and encrypted format.
The Origin of eBay data breach for hackers is by compromising a small number of employees credentials via phishing in between February & March 2014. Specific employees may be targeted to get access to eBay’s network or may eBay network was entirely being monitored and then compromised. They claimed detection of this cyberattack within two weeks.
Google Play Hack
A Turkish Hacker, “Ibrahim Balic” hacked Google Play twice. He conceded the responsibility of the Google Play attack. It was not his first attempt; he acclaimed that he was behind the Apple’s Developer site attack. He tested vulnerabilities in Google’s Developer Console and found a flaw in the Android Operating System, which he tested twice to make sure about it causing crash again and again.
Using the result of his vulnerability testing, he developed an android application to exploit the vulnerability. When the developer’s console crashed, users were unable to download applications and developers were unable to upload their applications.
The Home Depot Data Breach
Theft of information from payment cards, like credit cards is common nowadays. In 2014, Home Depot’s Point of Sale Systems were compromised. A released statement from Home Depot on the 8th of September 2014 claimed breach of their systems.
The attacker gained access to third-party vendors login credentials and accessed the POS networks. Zero-Day Vulnerability exploited in Windows which created a loophole to enter the corporate network of Home Depot to make a path from the third-party environment to Home Depot’s network.
After accessing the corporate network, Memory Scrapping Malware was released then attacked the Point of Sale terminals. Memory Scraping Malware is highly capable; it grabbed millions of payment cards information.
Home Depot has taken several remediation actions against the attack, using EMV Chip-&-Pin payment cards. These Chip-& Pin payment cards has a security chip embedded into it to ensure duplicity with magstripe.
Leave a Reply