Email
Password
Remember meForgot password?
    Log in with Twitter

article imageSerious eBay flaw exposes customers to malicious website risk

By Tim Sandle     Sep 20, 2014 in Technology
A dangerous flaw that has exposed eBay customers to malicious websites has been affecting the site since at February 2014.
This week the owners of eBay revealed how clicking on some listings automatically redirected users to the harmful sites. The hack involved malicious Javascript code being placed within product listing pages. This code served to automatically redirect those users who clicked it through a series of other websites, so that they ended up at the page asking for their eBay log-in and password. This fake page was then used to steal user's identities.
What the people behind the commerce site did not reveal was that the problem has been around since at least February, according to BBC News.
eBay has said that it has removed several posts and that there are no longer any malicious links on its site. This has not stopped the site from receiving pointed criticism. Interviewed by The Daily Telegraph, Chris Oakley, principal security consultant at Nettitude said: "The preventions are well understood and one would expect all organisations – particularly those with vast quantities of customer data to protect – to have the required defences in place."
To add to this, Paul Ayers, vice president EMEA at Vormetric, told the magazine computing:
"It is unfortunate that eBay has once again found itself under fire for failing to respond adequately to a data breach incident. To make matters worse, this latest report comes just a little too soon after attacks on its database and daughter site, Stubhub, which exposed user credentials."
This damaging news comes after eBay suffered a massive security breach in February, which resulted in up to 233 million people having their personal details stolen. This forced all eBay users to change their passwords.
More about Ebay, Virus, Websites
More news from
Latest News
Top News