A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property. Most data breaches involve overexposed and vulnerable unstructured data – files, documents, and sensitive information.
eBay Data Breach
One real-life example that shows the need for information and network security within a corporate network is the eBay data breach. eBay is a well-known online auction platform that is widely used all over the world.
eBay announced a massive data breach in 2014 that involved sensitive data. An estimated 145 million customers had data exposed in this attack. According to eBay, the data breach compromised the following information:
- Customers’ names
- Encrypted passwords
- Email Address
- Postal Address
- Contact Numbers
- Date of Birth
Sensitive information of this kind must be stored using strong encryption rather than in plain text. eBay claims that no information relating to security numbers, such as credit card information, was compromised, although identity and password theft can also pose a severe risk. The eBay databases containing credit card and other financial information are claimed to be kept separately and in encrypted form.
The attackers got in by compromising a small number of employees’ credentials via phishing between February and March 2014. Specific employees may have been targeted to gain access to eBay’s network, or the eBay network may have been monitored as a whole and then compromised. eBay claimed to have detected this cyberattack within two weeks.
Google Play Hack
A Turkish hacker, Ibrahim Balic, hacked Google Play twice. He admitted responsibility for the Google Play attack. It was not his first attempt; he claimed that he was also behind the Apple Developer site attack. He tested vulnerabilities in Google’s Developer Console and found a flaw in the Android operating system, which he tested twice to confirm that it caused a crash each time.
Using the results of his vulnerability testing, he developed an Android application to exploit the vulnerability. When the Developer Console crashed, users were unable to download applications and developers were unable to upload their applications.
The Home Depot Data Breach
Theft of information from payment cards, such as credit cards, is common nowadays. In 2014, Home Depot’s point-of-sale (POS) systems were compromised. A statement released by Home Depot on the 8th of September 2014 reported the breach of their systems.
The attacker obtained a third-party vendor’s login credentials and used them to access the POS network. A zero-day vulnerability in Windows was exploited, which opened a path from the third-party environment into Home Depot’s corporate network. After gaining access to the corporate network, the attacker released memory-scraping malware, which then attacked the point-of-sale terminals. Memory-scraping malware is highly capable; it grabbed the information of millions of payment cards.
Home Depot has taken several remediation actions in response to the attack, including the use of EMV Chip & PIN payment cards. These Chip & PIN payment cards have an embedded security chip that guards against the duplication possible with magstripe cards.
How to prevent data breaches
There is no one security product or control that can prevent data breaches. The most reasonable means for preventing data breaches involve commonsense security practices. This includes well-known security basics, such as conducting ongoing vulnerability and penetration testing, applying proven malware protection, using strong passwords/passphrases and consistently applying the necessary software patches on all systems. While these steps will help prevent intrusions into an environment, information security (infosec) experts also encourage encrypting sensitive data, whether it is stored inside an on-premises network or third-party cloud service. In the event of a successful intrusion into the environment, encryption will prevent threat actors from accessing the actual data.
Additional measures for preventing breaches, as well as minimizing their impact, include well-written security policies for employees and ongoing security awareness training to promote those policies and educate employees. Such policies may include concepts such as the principle of least privilege (POLP), which gives employees the bare minimum of permissions and administrative rights to perform their duties. In addition, organizations should have an incident response plan (IRP) that can be implemented in the event of an intrusion or breach; an IRP typically includes a formal process for identifying, containing and quantifying a security incident.