eBay user credentials compromised, crucial data exposed to hackers

In some the recent cyber attacks, eBay and its users were compromised by using some of the traditional attacks in a new way. The malicious hackers this time took the help of phishing pages. Phishing is a technique that is used by hackers to make users sign in onto a fake legit looking pages of the websites. However, the hackers this time didn’t follow the traditional way and uploaded the phishing pages via the product listings.

According to the security experts, hackers listed their products on the eBay, which were linked with a phishing page, as soon as the user clicks on the page, it is taken to a fake login page. Everything was looking legit, and no one had any idea about it until random purchases and transactions came up in the log.

Hackers were able to take over a user account once they log in through that phishing page, eBay on this said, “criminals intentionally adapt their code and tactics to try to stay ahead of the most sophisticated security systems.”

However, the spokeswoman said, “This is not a new type of vulnerability on sites such as eBay. This is related to the fact that we allow sellers to use active content like JavaScript and Flash on our site. Many of our sellers use active content like Javascript and Flash to make their eBay listings more attractive. However, we are aware that active content may also be used in abusive ways. Cross-site scripting is not allowed on eBay, and we have a range of security features designed to detect and then remove listings containing malicious code.”

The company has a bad reputation about not responding to the security threats as quickly as they should. The experts say that the company must act swiftly to remove these types of vulnerability. It is near impossible to make a website this large free from vulnerabilities, and the one like XSS can easily make their way into the product, however, a quick respond is required to fix them.