eBay Hack made Buyers’ credential at Danger

eBay; the leading social online shopping site has recently been compromised which has resulted in huge risk for its customers. The hackers or thieves made the eBay site in such a way that customers who clicked on varieties of it links were meant to automatically be diverted to a particular site which is specially designed to take away their credentials. This US virtual shopping giant had suffered from the hack on the last Wednesday night but they were only able to react after a wakeup call coming from the BBC; which is more than twelve hours later after the incident.

This took many experts in this arena as a surprise by the time taken by eBay to revive this illegal activity. Dr Steven, who is from Information Security Research Group in University London said, “EBay is a large company and it should have a 24/7 response team to deal with this – and this case is unambiguously bad”. He was even able to analyze and study the listing before eBay took action to remove it. After examining it, he said that this particular technique that has been used to steal the credentials is known as a cross site scripting attack (XSS). He also explained, “The websites the user is being redirected to are almost certainly compromised by the attacker to hide his or her traces”. It means that the attack involved the attackers stating malicious JavaScript code within the product listing web pages. The code automatically redirected all the affected users via a series of other irrelevant websites that had intentionally ended up asking for their passwords along with the log in access in eBay. All the users had to do were to click the main listing to have their browser information stolen.

Dr Steven also stated, “EBay is pretty competent, but obviously it has been caught out here. Cross-site scripting is well within the top 10 vulnerabilities that website owners should be concerned about. This report relates only to a ‘single item listing’ on eBay.co.uk whereby the user has included a link which redirects users away from the listing page. We take the safety of our marketplace very seriously and are removing the listing as it is in violation of our policy on third-party links”.
This issue had first been identified by an IT worker from Alloa in Clackmannanshire, Paul Kerr; who is also as ‘eBay Powerseller’. After he experienced the attack by clicking on a list for an iPhone that had been redirected, he called the eBay to inform about this illegal act. He told the BBC, “The advert had been up for 35 minutes”.

In the light of this current incident, everyone should know that it is not the first time that eBay has suffered from technical setback in the recent time. eBay had experienced quite a few unexpected incidents where its users were unable to sign in to their accounts while also receiving alerts for putting incorrect passwords.

Leave a Reply