eBay Puts Its Users at Risk

If you've ever made any purchases online, you know how convenient it may be, and how risky it usually is. Sometimes, surprises await us where we expect them less to appear. This is exactly what happened with eBay, the world-wide shopping service.

Several links were noticed to fraud eBay users, redirecting them to the fake online marketplace welcome page. The tricksters used the technique known as a cross-site scripting attack. A malicious Javascript code was fused into product listing pages. It automatically redirected victims through several websites bringing them to that tricky page. One click on the listing led to the browser hijacking.

Dr Steven Murdoch, a member of the University College London's Information Security Research Group, mentioned that the code had potential for further malicious actions.

eBay is also noticed in late action, as it is said to have been alerted about the hack on Wednesday night, but it removed the infected listings only 12 hours later after the BBC call. The person who originally noticed the issue, Mr Kerr, identified it upon a strange page address he was redirected to.

This is not the first case, when the service is subject to attacks. There have been several cases when users could not log into their accounts and had to change passwords.

Comments