Confidential Information in Form Records-Free Samples for Students

Questions: 1.What was the Problem? 2.How and Why It Occurred? 3.What are the Possible Solutions? 4.What was the Problem? 5.Who were affected and How? 6.How was the attack carried out? 7.What could have been done to prevent the Attack? Answers: Introduction Today at every workplace computers are used to perform various business activities such as storing confidential information in form records, sharing information from one place to other and to communicate with clients and customers at remote locations. The usage of computer systems and internet provides various benefits to its users but on another side, various security issues or security breaches are also encountered by its users. Now in this report we will discuss a news on computer security breach and a case of hack on web. Discussion This segment of report belongs to discussion about a computer security breach that has happened in 2015. There are several cases available on internet on this topic but we have selected one of them and that is Computer Security Breach in VTech Chinese Company. VTech is a Chinese Company which build and develops electronic learning toys. 1.VTech Company faced a data breach and due to this private information of 4.8 million parents and 200,000 children was leaked. The 4.8 million was an estimation and this number varies to 6.7 million. According to statement of VTech Company it was a massive breach because in this computer breach personal details of so many children was leaked and further this detail was used by hackers for hiding their identities. According to a information source, it is found that hackers leaked this information to Motherhood magazine. But in this whole incident credit card information was saved to breach and it was claimed by VTech. The lots of information that was breached by hackers included name of parents, emails, passwords, secret question/answers of parents, hints of passwords, login and registration information of parents. Besides this, Parent addresses of VTech, their account details, child names and images of children and child registration URL and account details were also leaked. The com panys customers were from different countries such as UK, Spain, France and Germany. It was eventually a massive case of computer security breach that was difficult to control quickly (WiseGEEK, 2017). 2.According to investigation of VTech Company, it was found that this computer security breach was occurred due to SQL injection on companys database and this activity helped hackers to leak details of parents and children from database. It is also believed by security experts that outdated platforms are used for vulnerable hacking of database such as ASP.NET 2.0, WCF, SOAP and FLASH. Hackers implemented this security breach to collect personal information of children and their parents, so that this information can be further used by them for hiding their identities and also they wanted to sell this information to Motherhood magazine. The most vulnerable result of this attack was that confidential information of millions of customers of VTech Company lost which cannot be recovered easily (HackRead, 2017). 3.The investigator of VTech Companys security breach case was able to identify devices that are used by kids and also websites that were used frequently. Besides this, some possible solution for this computer security breach are listed as below: It was attack of SQL Injection on ASP.NET platform, so to get this type of attack use an account with restricted permissions in database and try to avoid disclosing information of database error (Healthcare IT News, 2017). To get prevention from above type of attack, it is necessary to protect database by using advanced security features. If database will be secured then it is difficult for hackers to access it (ucsc.edu, 2017). The use of cryptography is a best way to protect data into database and over network. To achieve this, encryption technique is required to use. By this technique whole information will be encrypted into unreadable form and then will be stored into database. It is difficult for hackers to understand data in this form. The database scanning is must by using antivirus or by database scanners such as NeXpose, Oscanner, Kaspersky and McAfee etc. By using these tools, it will be easier to find bugs from database if found any and appropriate solution can be found (Greene, 2017). In case of huge amount of data, it will be better to take backup of data periodically from database and remove that data from online database. Backup data can be stored securely on another database that is out of reach of hackers. In this way, huge amount of data can be saved in form of modules (com, 2017). By implementing these possible solutions, it is possible that company like VTech can save its database from security breaches. It is matter of performance of company and its responsibility towards personal information of its customers and clients. If company will not be careful about this, then it will badly effect its reputation. After discussing about a popular news about computer security breach, now here we will emphasize on a popular case of hacking. In list of most popular hacking cases, the case of eBay is listed. eBay is a well-known ecommerce company. It is commonly used by people for online shopping. This company faced problem of hacking. eBay was suffered with biggest hack in 2014 (Forbes.com, 2017). 4.It is revealed by eBay that hackers had tried to steal personal records of 233 million users. In these personal records, hackers stole usernames, passwords, phone numbers and physical addresses. Hackers successfully hacked eBays confidential information such as login credentials that are required to gain access to sensitive data. After this hacking incident, the main concerning thing for Ebay was that, stolen personal information of its users could leave them to vulnerable identity theft. In this hacking of personal information records, financial information is not stolen by hackers (Msdn.microsoft.com, 2017). 5.The customers of eBay whose personal information was stored into database of company were highly affected with this hacking attack (Hacked: Hacking Finance, 2017). The loss of personal information is not too small to bear. The customers of eBay were affected in a way that hackers could misuse their personal information and can leaked it to other companies. For every company that is providing online shopping services to people, it is essential to secure data of its customers into their databases. If company cannot achieve this successfully then it will put impact over its performance in market (Databreachtoday.in, 2017). 6.This hacking attack is carried out by hackers by stealing login credentials of eBay from its database and then by using these credentials sensitive information from database was stolen. eBay did not clear yet that who was behind this attack. According to SEA it was hacktivist operation but it was not carried out to hack financial accounts of people (Wired.com, 2017). 7.After seeing bad impacts of hacking incident, eBay encouraged its users to change its passwords and also reassured them that their financial information was not stolen. eBay also improved its storage system for storing important information and data was stored in encrypted form into database and it is one of the best ways to protect users information from hacking and phishing attacks. Besides this, some other prevention methods that could have been done by eBay to prevent hacking attacks are listed as below (SearchSecurity, 2017): Use of Database Scanning Tools Periodic Backup of Database Use of Antivirus (Dark Reading, 2017) Use of Database Scanning Tools A company that has number of customers and their information is stored into companys database, it is important for company to keep tracking of database periodically by using database scanning tools such as Oscanner, Kaspersky and McAfee. These tools will help to scan whole database once and if any error or bug will found then that can be fixed immediately. In case of eBay, if it could have been used this tool then from a small activity of hackers with database could alert security professionals. So it will be better to use this option (MakeUseOf, 2017). Periodic Backup of Database Another option that could have been used by eBay is proper backup of database at regular basis. While using online databases, it is common that hackers try to access database in unauthorized ways and leaked data it to others. In this case, if backup of data will be available then heavy loss of data can be controlled. A periodic backup should be taken into another systems database, so that if main database gets damage then alternative database can be used. Use of Antivirus Antivirus can also be used for security purpose. Anti-virus is used for scanning the virus from system and database and then after identifying virus, the fixing of that is also possible with the help of this. eBay Company could have been installed anti-virus into system and could fix small bugs that were used by hackers as weak points. These are some potential solutions that can be used by eBay Company to manage its problems of database security and privacy. It is also responsibility of security professionals of company to be careful about security issues and must find appropriate solutions for that. Various security patches are also available to resolve problems of databases security. Conclusion After this whole discussion we can say that if issues of computer security breaches are increasing day by day then on other side, various solutions are also available. But it is commonly seen that most of the security issues occurs due to improper usage of security tools and by ignoring small errors and bugs of systems that can be formed bigger in future. In case of both VTech and eBay, common problems of leaking of personal information of customers are found and also both companies are not able to identify properly that what is the actual reason for that. Therefore, it is necessary for security experts to be aware about these kind of issues and about their solid reasons. If reasons of computer security breaches will be cleared, only then appropriate solutions can be found. References Databreachtoday.in. (2017). Latest breaking news articles on data security breach. Retrieved 6 April 2017, from https://www.databreachtoday.in/news Dark Reading. (2017). Attacks Breaches News, Analysis, Discussion, Community - Dark Reading. Retrieved 6 April 2017, from https://www.darkreading.com/attacks-breaches.asp Forbes.com. (2017). The Top 5 Most Brutal Cyber Attacks Of 2014 So Far. Retrieved 6 April 2017, from https://www.forbes.com/sites/jaymcgregor/2014/07/28/the-top-5-most-brutal-cyber-attacks-of-2014-so-far/#6d6a9929134d Greene, T. (2017). Biggest data breaches of 2015. Network World. Retrieved 6 April 2017, from https://www.networkworld.com/article/3011103/security/biggest-data-breaches-of-2015.html HackRead. (2017). Top 15 Cyber Attacks and Security Breaches in 2015. Retrieved 6 April 2017, from https://www.hackread.com/top-15-cyber-attacks-security-breaches-in-2015/ Healthcare IT News. (2017). 7 largest data breaches of 2015. Retrieved 6 April 2017, from https://www.healthcareitnews.com/news/7-largest-data-breaches-2015 Huffingtonpost.com. (2017). Security Breach. Retrieved 6 April 2017, from https://www.huffingtonpost.com/news/security-breach/ Hacked: Hacking Finance. (2017). 10 Most Notorious Hackers of All Time | Hacked: Hacking Finance. Retrieved 6 April 2017, from https://hacked.com/hackers/ Its.ucsc.edu. (2017). Security Breach Examples and Practices to Avoid Them. Retrieved 7 April 2017, from https://its.ucsc.edu/security/breaches.html Msdn.microsoft.com. (2017). How To: Protect From SQL Injection in ASP.NET. Retrieved 6 April 2017, from https://msdn.microsoft.com/en-us/library/ff648339.aspx MakeUseOf. (2017). 5 Of The Worlds Most Famous Hackers What Happened To Them. Retrieved 6 April 2017, from https://www.makeuseof.com/tag/5-of-the-worlds-most-famous-hackers-what-happened-to-them/ SearchSecurity. (2017). What is data breach? - Definition from WhatIs.com. Retrieved 7 April 2017, from https://searchsecurity.techtarget.com/definition/data-breach Wired.com. (2017). The Most Controversial Hacking Cases of the Past Decade. (2017). Retrieved 6 April 2017, from https://www.wired.com/2015/10/cfaa-computer-fraud-abuse-act-most-controversial-computer-hacking-cases/ WiseGEEK. (2017). What Is a Computer Security Breach? (with pictures). Retrieved 7 April 2017, from https://www.wisegeek.com/what-is-a-computer-security-breach.htm