Peoplesharz.Com Case Study – A Fictitious Analysis Of A Security Breach

Background:

PeopleSharz is an Internet Start-up founded in late 2011 riding on the Social Media boom of the late 2000s. Established by former university colleagues Mark Bukerzerg (current CEO) and Peter Tweet (CTO), the company in early 2013 had over 1.2M signed-up users from across the globe.
While in the scheme of things, the user base numbers seem good, both Mark and Peter know, that to achieve a critical mass of users that will establish PeopleSharz as a “player” in the Social Media space, they will need to reach numbers upwards of 100M users.

Internet start-ups are springing up all the time – weekly, thousands of new Social Media applications are released on the Internet and while PeopleSharz has established a strong presence and following, the company is continually innovating and responding to user requirements, industry trends and competitive challenges. Mark and Peter’s 20 person Development Workshop based in Sydney’s upcoming Technology Hub, Redfern, is a busy and dynamic environment.

PeopleSharz is aiming to become financially self-sufficient by the end of 2014 at the latest. It is at this time that their venture capital funds will be exhausted but they estimate, once they hit the 50M user mark, and have deployed into production their new advertising revenue model, (both aggressively targeted for October, 2013), they will have positive financial results.
April 21st, 2013: Major New Media News Site Headlines:

“New Start-up PeopleSharz Hacked – User Passwords Dumped on Pastebin”.

Waking up to news overnight that their site has been hacked and that the hacker has posted all their client details, including passwords on Pastebin has shocked Mark and Peter. Time is of an essence so an emergency teleconference is organised between Mark, Peter and Phil Jones, (the Technical Support Manager at HotHost1 – a cloud services company where the PeopleSharz environment is hosted). The teleconference firstly confirmed that the information posted on Pastebin was in fact real. PeopleSharz seemingly has been hacked. From then on, the teleconference degenerated into blame games between PeopleSharz and the hosting provider HotHost1– each side blaming the other for the incident and each putting the onus of an incident response on the other’s shoulders – each side stating that they had no experience with security incident response and it was not their fault nor responsibility. BUT, all did agree that something had to happen quickly!

April 21st, 2013, 9:45am:

Offices of HackStop Consulting

A quiet morning for you on April 21st, 2013 until 9:45am when a call reaches your desk. As a Senior IT Security Consultant at HackStop Consulting, you’ve had calls like this many times. It’s time to get your game on again! Time to visit the offices of PeopleSharz. Their CEO, CTO and a Manager from their hosting provider HotHost1 are desperate to meet with you.

Scroll to Top