New EBay Flaw Could Allow Hackers to Hijack Accounts

Posted on May 28, 2014 by .

Share and Enjoy:
Follow Me on Pinterest More More

Many of you who utilize eBay often have probably already taken notice to notifications sent by eBay to change your password due to account information being compromised. Now, after users have adhered to that first issue, another issue arises as an eBay security flaw may allow hackers to hijack accounts.

As you know, a hacker armed with hijacked eBay accounts could do some serious damage on the widely popular auctioning site. A security researcher found a major vulnerability in eBay’s website that has not been fixed.

Ever since the initial data breach of eBay, several security researchers have been examining the network. This second vulnerability is actually a cross-site scripting (XSS) flaw, which allows code from another source to be executed within a website. The flaw could grab cookies from logged-in eBay users and then emailed to a hacker.

The data stored in compromised cookie could relinquish login information to an eBay account allowing a hacker to utilize the account for malicious purposes.

Researchers and those who discovered this latest vulnerability say that it comes down to eBay’s security measures and their ability to notify their users of such a flaw. eBay quickly took measures to defend against the first vulnerability but it seems the second one may be addressed soon as well.

eBay has thanked Jordan Lee Jones, a 19-year-old college student who notified eBay of this second vulnerability and XSS flaw.

Popularity: 3%


Leave a Reply

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word