Security Breach Example 1:

  • The online password manager LastPass detected unusual activity on its network in July 2015.

  • It was later found that the hackers had stolen user email addresses, password reminders, and authentication hashes.

  • Fortunately for the users, the hackers were unable to obtain anyone's encrypted password vaults.

  • Even though there was a security breach, LastPass could still safeguard the users' account information.

  • LastPass requires email verification or multi-factor authentication whenever a login comes from a new device or IP address.

  • The hackers would also need the master password to access the account.

  • LastPass users also have some responsibility for safeguarding their own accounts.

  • Users should always use complex master passwords and change them periodically.

  • Users should always be wary of phishing attacks.

  • An example of a phishing attack would be an attacker sending emails claiming to be from LastPass.

  • The emails ask the users to click an embedded link and change the password.

  • The link in the email goes to a fake version of the website that is used to steal the master password.

  • Users should never click the embedded links in an email.

  • Users should also be careful with their password reminders. The password reminder should not give away your passwords.

  • Most importantly, users should enable multi-factor authentication when available for any website that offers it.

  • If the users and the service providers both use the proper tools and procedures to safeguard the users' information, the users' data could still be protected, even in the event of a security breach.

Security Breach Example 2:

  • The high-tech toy maker for children, Vtech, suffered a security breach of its database in November 2015.

  • This breach could affect a huge number of customers around the world, including children.

  • The data breach exposed sensitive information including customer names, email addresses, passwords, pictures, and chat logs.

  • A toy tablet had become a new target for hackers.

  • The customers had shared photos and used the chat features through the toy tablets.

  • The information was not secured properly, and the company website did not support secure SSL communication.

  • Even though the breach did not expose any credit card information or personal identification data, the company was suspended on the stock exchange because the concern over the hack was so great.

  • Vtech did not safeguard the customers' information properly, and it was exposed during the breach.

  • Even though the company informed its customers that their passwords had been hashed, it was still possible for the hackers to decipher them.

  • The passwords in the database were scrambled using the MD5 hash function, but the security questions and answers were stored in plaintext.

  • Unfortunately, the MD5 hash function has known vulnerabilities. Hackers can determine the original passwords by comparing the hashes against a huge number of pre-calculated hash values.

  • With the information exposed in this data breach, cybercriminals could use it to create email accounts, apply for credit, and commit crimes before the children were old enough to go to school.

  • For the parents of these children, the cybercriminals could take over the online accounts because many people reuse their passwords on different websites and accounts.

  • The security breach not only impacted the privacy of the customers, it ruined the company's reputation, as indicated by the company when its presence on the stock exchange was suspended.

  • For parents, it is a reminder to be more vigilant about their children's privacy online and to demand better security for children's products.

  • Manufacturers of network-connected products need to be more serious about protecting customer data and privacy now and in the future, as the cyberattack landscape evolves.
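The weakness of the unsalted MD5 password hashes described above can be shown next to a hardened storage scheme. This is an added example, not code from the original page or from Vtech; the user names, passwords, candidate list and PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed list standing in for the pre-calculated values the text mentions.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "dragon"]


def md5_hex(password):
    """Unsalted MD5, the weak storage scheme described in the text."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Pre-calculated hash -> password table; built once, valid for any unsalted MD5 database."""
    return {md5_hex(p): p for p in candidates}


def recover_from_unsalted(stored_hashes, table):
    """Return every account whose stored hash appears in the pre-calculated table."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


def hash_password(password, iterations=600_000):
    """Hardened storage: random per-user salt plus a deliberately slow KDF.
    The iteration count is an assumption; tune it to your hardware."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


# Constructed user database, stored both ways.
USERS = {"parent1": "letmein", "parent2": "letmein", "kid7": "T4blet!green-Horse"}
WEAK_DB = {u: md5_hex(p) for u, p in USERS.items()}
STRONG_DB = {u: hash_password(p) for u, p in USERS.items()}
```

In `WEAK_DB` the two accounts with the same password share one hash and both fall to a single table lookup; in `STRONG_DB` the same password yields different digests, so a pre-calculated table does not apply and every guess costs a full key derivation per user.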

Types of Attackers

  • Attackers are individuals or groups who attempt to exploit vulnerabilities for personal or financial gain. Attackers are interested in everything, from credit cards to identities and anything else of value.

Beginners

  • These people are called script kiddies. They are usually attackers with little or no skill, often using existing tools or instructions found on the Internet to launch attacks.

  • Some of them are just curious, while others are trying to demonstrate their skills and cause harm. They may be using basic tools, but the results can still be severe.

White, Grey, and Black Hats

  • This group of attackers breaks into computers or networks to gain access. Depending on the intent of the break-in, these attackers are classified as white, grey, or black hats.

  • White hat attackers break into networks or computer systems to discover weaknesses so that the security of these systems can be improved.

  • These break-ins are done with prior permission, and any results are reported back to the owner.

  • On the other hand, black hat attackers exploit any weakness for illegal ends or for financial or political gain.

  • Grey hat attackers are somewhere between white and black hat attackers. Grey hat attackers may find a vulnerability in a system.

  • Grey hat hackers may report the vulnerability to the owners of the system if that action coincides with their agenda.

  • Some grey hat hackers publish the facts about the vulnerability on the Internet so that other attackers can exploit it.