eBay Inc (NASDAQ:EBAY) has been compromised today by at least one auction listing that was utilizing a cross-site scripting attack to divert users from the actual site to an imitation site. There, the affected users were asked to re-input their login information, while other malicious code was potentially being executed as well. The listing was uncovered and reported on by the BBC today.
While the BBC reported that eBay Inc (NASDAQ:EBAY) was made aware of the hack some 12 hours before being contacted by them, the listing was not actually removed until after they did so; a response that was deemed as being “unambiguously bad” by Dr Steven J. Murdoch, a Principal Research Fellow in the Information Security Research Group at University College London, as quoted by the BBC.
Murdoch added that while eBay Inc (NASDAQ:EBAY)’s security is generally solid, they were caught with their pants down in this instance, as cross-site scripting attacks are one of the most frequently used attacks to compromise a website, and should be near the top of security deparments’ watch
eBay Inc (NASDAQ:EBAY) in their response to the BBC downplayed the incident as a single listing which redirected users away from the site, though the BBC actually identified two more similar listings posted by the same account, which have also now been removed. eBay Inc (NASDAQ:EBAY) also failed to address why it took so long for the listing in question to be removed.
Paul Kerr, who was the first to contact eBay Inc (NASDAQ:EBAY) about the listing, told the BBC that such re-directions are all but certain to trick some users into re-entering their information, thinking they had simply been logged out accidentally without giving it much thought.
It’s not the best time for security flaws to pop up in their flagship service, even small ones, given that their subsidiary PayPal recently took out a full-page ad in the New York Times attacking Apple Inc. (NASDAQ:AAPL)’s recent security flaws that allowed celebrity accounts to be accessed and content taken, including nude photos. Apple’s Pay platform is a new competitor to PayPal.
eBay Inc (NASDAQ:EBAY) is up a healthy 1.94% the past two days as rumors swirl that search engine and tech giant Google Inc (NASDAQ:GOOGL) may be planning to take a major stake in the company.
Let Warren Buffett, David Einhorn, George Soros, and David Tepper WORK FOR YOU. If you want to beat the low cost index funds by an average of 6 percentage points per year look no further than Warren Buffett’s stock picks. That’s the margin Buffett’s stock picks outperformed the market since 2008. In this free report, Insider Monkey’s market beating research team identified 7 stocks Warren Buffett and 12 other billionaires are crazy about. CLICK HERE NOW for all the details.
