Tag Archive | "ebay"

Tags: ,

New EBay Flaw Could Allow Hackers to Hijack Accounts

Posted on 28 May 2014 by GranTorinoGuy

Many of you who utilize eBay often have probably already taken notice to notifications sent by eBay to change your password due to account information being compromised. Now, after users have adhered to that first issue, another issue arises as an eBay security flaw may allow hackers to hijack accounts.

As you know, a hacker armed with hijacked eBay accounts could do some serious damage on the widely popular auctioning site. A security researcher found a major vulnerability in eBay’s website that has not been fixed.

Ever since the initial data breach of eBay, several security researchers have been examining the network. This second vulnerability is actually a cross-site scripting (XSS) flaw, which allows code from another source to be executed within a website. The flaw could grab cookies from logged-in eBay users and then emailed to a hacker.

The data stored in compromised cookie could relinquish login information to an eBay account allowing a hacker to utilize the account for malicious purposes.

Researchers and those who discovered this latest vulnerability say that it comes down to eBay’s security measures and their ability to notify their users of such a flaw. eBay quickly took measures to defend against the first vulnerability but it seems the second one may be addressed soon as well.

eBay has thanked Jordan Lee Jones, a 19-year-old college student who notified eBay of this second vulnerability and XSS flaw.

Popularity: 3%

Comments (0)