2014 Cyber Attack On Ebay: Idris Noori, Manusha Patabendi, Ali Malik
Encryption
Allows eBay to see your actual password.
Password hashing
Allows eBay to check if the password you enter is correct or not, but doesn't allow eBay to get the plaintext of your actual password
eBay was using encryption, which is more easily broken
Many consumers use the same password on multiple sites
The attackers will quickly take over accounts across the web wherever a user reused their username and password on another site
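The difference between the two storage approaches above, as an added Python example that is not part of the original slides. The keyed cipher is a stand-in built from HMAC-SHA256 for illustration, PBKDF2 is an assumed choice of password hash, and all names, keys and passwords are constructed.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)  # constructed key the site would hold for the "encryption" design
ITERATIONS = 600_000         # assumed PBKDF2 work factor


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR data with an HMAC-SHA256 counter-mode keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_password(password: str, key: bytes) -> bytes:
    """Reversible storage: record is nonce || ciphertext."""
    nonce = os.urandom(16)
    return nonce + _xor_stream(key, nonce, password.encode())


def decrypt_password(record: bytes, key: bytes) -> str:
    """Anyone holding the key, including whoever steals it, gets the plaintext back."""
    return _xor_stream(key, record[:16], record[16:]).decode()


def hash_password(password: str) -> bytes:
    """One-way storage: record is salt || PBKDF2(password, salt)."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_password(candidate: str, record: bytes) -> bool:
    """Re-derive from the candidate and compare; the record is never turned back into a password."""
    salt, expected = record[:16], record[16:]
    derived = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print(decrypt_password(encrypt_password(pw, SERVER_KEY), SERVER_KEY) == pw)
    record = hash_password(pw)
    print(verify_password(pw, record), verify_password("guess", record))
```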
Agent
Possibilities
Social engineering attack
Web application vulnerability
Cookie re-use vulnerability
Shell On eBay Server
Fallout
Vulnerable to identity theft: could eBay users' identities be up for auction on the black market?
Exploiting Stolen Accounts
"In some cases you go in and find the smoking gun immediately. Other times, it takes a few days or even a few weeks," said Kevin Johnson, a cyber-forensics expert
Other information may have been compromised
Has not been brought to our attention
Possible backdoors
Incident Response