In some the recent cyber attacks, eBay and its users were compromised by using some of the traditional attacks in a new way. The malicious hackers this time took the help of phishing pages. Phishing is a technique that is used by hackers to make users sign in onto a fake legit looking pages of the websites. However, the hackers this time didn’t follow the traditional way and uploaded the phishing pages via the product listings.
According to the security experts, hackers listed their products on the eBay, which were linked with a phishing page, as soon as the user clicks on the page, it is taken to a fake login page. Everything was looking legit, and no one had any idea about it until random purchases and transactions came up in the log.
Hackers were able to take over a user account once they log in through that phishing page, eBay on this said, “criminals intentionally adapt their code and tactics to try to stay ahead of the most sophisticated security systems.”
The company has a bad reputation about not responding to the security threats as quickly as they should. The experts say that the company must act swiftly to remove these types of vulnerability. It is near impossible to make a website this large free from vulnerabilities, and the one like XSS can easily make their way into the product, however, a quick respond is required to fix them.
eBay punked their shareholders and site members over the hacks. Management stonewalled announcement of breach in hopes of maintaining stock price.
[…] 22, 2014: The Westside Story eBay user credentials compromised, crucial data exposed to hackers… More Info September 20, 2014: Wall Street Journal Western-Wear Retailer Sheplers Reports Data Breach… More […]