eBay Hit With Another Phishing Scam, User Credentials Compromised



It hasn’t been a good year for people wanting to keep their personal data safe. More than a few high-profile data breaches, leaks, and hacks have hit everybody from Target and Home Depot to celebrities, and just about everybody in between. Add eBay to the list of those affected, as it’s recently been uncovered that the online auction site has allowed nefarious content in listings that has been used to obtain users’ private information.

The main problem seems to be with eBay’s allowance of “active” content created using Flash and JavaScript. Anybody who’s ever installed a virus scanner already knows the sorts of problems that can arise with Flash, so this doesn’t seem like the best practice for eBay to have. This has allowed attackers to use cross-site scripting to send users to another site, while still presenting the user with a familiar eBay page. When the user is asked to log in again and complies, the account is compromised.
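As an added illustration (not code from eBay or from the original article), the following Python scanner shows how a marketplace could flag listing descriptions containing the kinds of active content described above: script and Flash elements, inline event handlers, and script-scheme links. The tag and attribute lists and the sample listings are assumptions constructed for this example.

```python
from html.parser import HTMLParser

# Elements that load or run active content (script, Flash, framed pages).
ACTIVE_TAGS = {"script", "object", "embed", "applet", "iframe"}
# Attributes whose value is a URL the browser may load or navigate to.
URL_ATTRS = {"href", "src", "action", "formaction", "data"}


class ActiveContentScanner(HTMLParser):
    """Collects (line, description) findings for markup that can run code or redirect."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {k: (v or "") for k, v in attrs}
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            self.findings.append((line, "meta refresh redirect"))
        for name, value in attrs.items():
            if name.startswith("on"):
                self.findings.append((line, f"event handler {name}"))
            # Browsers drop tabs/newlines inside a URL, so strip them before comparing.
            scheme = "".join(c for c in value if c > " ").lower()
            if name in URL_ATTRS and scheme.startswith(("javascript:", "data:text/html")):
                self.findings.append((line, f"script URL in {name}"))


def scan_listing(html):
    scanner = ActiveContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample listing descriptions (not taken from any real listing).
CLEAN = "<p>Vintage camera, <b>works</b>. <a href='https://example.com/specs'>Specs</a></p>"
SUSPECT = """<p>Great phone!</p>
<img src="x.png" onload="go()">
<script src="https://cdn.example.net/a.js"></script>
<a href="java&#x73;cript:void(0)">details</a>
<embed src="banner.swf">"""

if __name__ == "__main__":
    for line, what in scan_listing(SUSPECT):
        print(f"line {line}: {what}")
```

A scanner like this only flags listings for review; removing the risk requires an allowlist-based sanitizer or disallowing active content in listings outright.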

This might not be quite so big of a deal if eBay had only recently received complaints about this practice and started working to address user concerns, but the real sad trombone moment is the revelation that eBay has been aware of the problem since February, and to date has not taken any measurable steps to address the issue.

Top Tech News details the damage:

eBay removed several posts as a result of the stories, and said that it would continue to review site content for malicious postings. However, the company told the BBC that it viewed the vulnerability as an isolated incident, saying that hackers “intentionally adapt their code and tactics to try to stay ahead of the most sophisticated security systems.”

Although eBay said it moved quickly to address complaints of the flaw once it became aware of it, the BBC said it spoke with users who have been complaining about the vulnerability to eBay since at least February. The news service found 64 listings posted in the last 15 days that could pose threats to users.

Ouch… So are any of us really safe online? Can we trust any site to have our best interests in mind when it comes to our data? Let us know what you think in the comments, or on your social network of choice.

Source: Top Tech News
