This section consists of investigated facts and findings about a data breach that happened in VTech Holdings Limited in November 2015, with the aim of establishing how the breach occurred and why it happened.
Based in Hong Kong, VTech Holdings Limited is an electronic manufacturing company that supplies digital toys products and cordless phones (VTech, 2017). One of VTech’ store was compromised in November 2015 where customer information including children and adult account were illicitly accessed. According to an article by Yadron (2015) published in the wall street journal, five million customer accounts illicitly accessed. Accessed children accounts consisted of their names, birthdate and gender while parents accessed data included their names, addresses, account passwords and downloads history (CNBC, 2015). Experts term VTech Holdings as the largest known hack pointing at youngsters (CNBC, 2015).
The company database were not secured enough. The hacker was able to access them and steal both children and parent’s data and information. The attack gave the intruder access to customer photos and chat data (Kelion, 2016). From the time when VTech learned of its database hack, they have toiled to heighten the security of their web services to protect customer data and information (Kelion 2016). The company was also quick to state that their customer database did not comprise of credit card data and that they do not store or process any customer credit card data on the hacked website. To finalize payments, customers use secure payment gateways (VTech, 2015).
System intrusion through hacking have of recent become a serious threat to companies and they therefore require to be on the lookout. According to an article published by Regis University College computer and information services (2017), some of the reasons why hackers intrude systems illegally include
In the case of VTech Holdings Limited, the hacker on being probed said that the accessed information was for nothing (VTech, 2017). The researcher is of the opinion that the hacker was probably proving his newly acquired hacking skills or that his aim was to look for some information in the data and sell it in the black market. On their website, VTech Holdings Limited expressed that the attack was a carefully planned criminal attack. This surely indicates that the hacker must have had a good reason for illicitly accessing VTech Holdings databases. Since the database did not store credit card details, it is possible the attacker mission bore no fruits since credit card numbers and social security numbers are some of the information sought out by hackers.
Some measures that can avoid systems hacks include the following
Founded in 2011, Snap Inc. is an American transnational social media company based in Los Angeles. Initially, the company dealt with multimedia messaging but has since introduced other products including Spectacles and Bitmoji application (Snap Inc, 2017). In February 2016, Snap Inc. clarified that its payroll section had been attacked through the use of a secluded email phishing trick. The attacker had posed as one of the chief executive officer and requested for employee information (Snap Inc, 2017). It was unfortunate that the swindle was not identified on time and payroll information of previous and present workers had been unveiled (Peterson, 2016). This was not the first time Snap Inc had suffered a data breach attack. In 2014, Snap Inc had experienced a breach that affected approximately 4.6 users where their usernames and phone numbers had been downloaded by an external site (Fung, 2014).
The 2014 Snap Inc data breach affected millions of users in that their personal data was exposed online including their names and phone numbers (Olivarez-Giles, 2014). The attackers behind the breach said that they wanted to get the company’s attention in securing their system (Fung, 2014). The 2016 data breach affected the company’s previous and present day employees by accessing their payroll data and information (Peterson 2016). Snap Inc did not reveal the exact data and information that was at large, but since it was delicate workforce information, it may well could have included the whole lot from salary information including names, email addresses, phone numbers, home addresses, social security numbers and credit card numbers.
According to an article by Perlroth and Wortham (2014), a group of researchers wanted to expose the company’s system vulnerabilities and therefore had accessed the system and exposed customer data and information. This was to be a wakeup call for Snap Inc but the company did not respond quickly to the threat exposure. As a result, the researchers decided to expose the information online after their discovery was ignored by Snap Inc. (Pelroth & Wortham, 2014). On the other hand, the 2016 data breach was as a result of a phishing scam. Snap Inc acknowledged that an employee had freely sent over highly sensitive data and information on belonging to the company’s employees to a hacker (Gael, 2016). The attacker sent an email posing as the company’s Chief Executive Officer asking for payroll records of the employees. (Gael 2016). This clearly demonstrates the importance of internal system security. System data breaches do not necessarily originate from external sources but can be internal like in the case of Snap Inc. Like in the case of Snap Inc, hackers occasionally personate company directors in order to attack and intrude company systems (Gredler, 2016). These kind of intrusions are not easily detected as the victims really think of the attackers as genuine company personnel. It is therefore vital that businesses capitalize on enlightening their staff on email assessment procedures including the following
Several procedures that could have stopped the data breach in attack at Snap Inc include the following
Conclusion
Currently, the rate at which this cyber- attacks are happening is alarming. Advancement in technology has led to an increase in cyber-attacks including malicious codes and threats to computer systems. With the amount of data and information theft growing every day, companies, organizations and institutions are confronted with a challenge of having their data and information retrieved, manipulated and embezzled by unapproved persons. Attackers usually access and sometimes modify data or steal it for individual monetary gains which significantly impacts both an organization and all its stakeholders. Information should be held in reserve, be private and confidential. The Internet has augmented the convenience, approachability, stowage and dissemination of data and information. Corporations are nowadays storing their data and information online on the cloud because it is easy to access and retrieve. However, on the other hand, attacks on the data and information stored online are on the increase being geared by technology advancements. Therefore, it is vital that establishments make use of advanced procedures to protect their data and information from such threats and attacks. Without securing their computer systems, it is clear that business will suffer the adverse effects of illegal information access and theft from hackers.
From the study and analysis of the two hacking cases presented on the report, the researcher recommends that all business organizations adopt and implement secure procedures and controls to protect data and information from intruders. Companies should ensure use of updated software’s, inspect their computer systems to detect system vulnerabilities, and mostly sensitize employees about the importance of checking user authenticity to prevent against phishing scams and social engineering tactics geared at obtaining login information from system administrators.
References
CNBC 2015. VTech hack: Data of 6.4M kids exposed. Retrieved from https://www.cnbc.com/2015/12/02/vtech-hack-data-of-64m-kids-exposed.html
Fung, B. (2014). A Snapchat security breach affects 4.6 million users. Retrieved from https://www.washingtonpost.com/news/the-switch/wp/2014/01/01/a-snapchat-security-breach-affects-4-6-million-users-did-snapchat-drag-its-feet-on-a-fix/?utm_term=.779032607794
Gael, A. (2016). Snapchat Breach and the Biggest Security Flaw Ever. Retrieved from https://news.filehippo.com/2016/03/snapchat-breach-and-the-biggest-security-flaw-ever/
Gredler, C. (2016). Snapchat’s Phishing Attack: A Reminder That Security Starts with Employee Education. Retrieved from https://www.csid.com/2016/03/snapchats-phishing-attack-a-reminder-that-security-starts-with-employee-education/
Judge, K. (2014). Hackers: Why They Do It. Retrieved from https://blog.comodo.com/it-security/hackers-why-they-do-it/
Kelion, L. (2016). BBC NEWS: Parents urged to boycott VTech toys after hack. Retrieved from https://www.bbc.com/news/technology-35532644
Olivarez-Giles, N. (2014). Snapchat Data Breach Exposes Millions of Names, Phone Numbers. Retrieved from https://blogs.wsj.com/digits/2014/01/01/snapchat-alleged-leak-4-million-users/
Peterson, A. (2016). The human problem at the heart of Snapchat’s employee data breach. Retrieved from https://www.washingtonpost.com/news/the-switch/wp/2016/03/01/the-human-problem-at-the-heart-of-snapchats-employee-data-breach/?utm_term=.d43d4802873f
Pelroth, N. & Wortham, J. (2014). Snapchat Breach Exposes Weak Security. Retrieved from https://bits.blogs.nytimes.com/2014/01/02/snapchat-breach-exposes-weak-security/?_r=0
PWC Survey Technical Report. (2015). Information Security Breaches Survey 2015. Retrieved from https://www.pwc.co.uk/assets/pdf/2015-isbs-technical-report-blue-digital.pdf
Secur Envoy (2016). What is 2FA? Retrieved from https://www.securenvoy.com/two-factor-authentication/what-is-2fa.shtm
Yadron, D. (2015). VTech Holdings: Data From 5 Million Customer Accounts Breached. Retrieved from https://www.wsj.com/articles/vtech-holdings-data-from-5-million-customer-accounts-breached-1448896876
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download