EcommerceBytes-NewsFlash, Number 1638 - October 09, 2007 - ISSN 1539-5065    1 of 3

eBay Explains Security Hole Used by Hacker

By Ina Steiner
EcommerceBytes.com
October 09, 2007





An eBay moderator apologized to users on a Trust & Safety discussion board over an incident that took place on Friday in which a hacker was able to suspend some member accounts. He explained, "This fraudster found very old administrative functions that had not been deactivated several years ago when we changed the security of our internal systems. These functions were still accessible on public servers, while the rest of our functionality is now behind multiple layers of security. We immediately identified the functions that he accessed and deactivated, and we are undergoing an audit to ensure obsolete code that may still exist for other reasons is secure."

Friday's incident was detailed on the AuctionBytes blog on Saturday and was believed by users to have been committed by a fraudster called Vladuz (http://blog.auctionbytes.com/cgi-bin/blog/blog.pl?/pl/2007/10/1191718840.html). The story was picked up on Monday by IDG News Service reporter Juan Carlos Perez (http://www.pcworld.com/article/id,138193-c,hackers/article.html).

The eBay moderator, posting on Monday evening, said no financial information had been accessed ("that is because credit card data is protected at a much higher level than contact information") and called the number of affected accounts a "handful."

He told affected users to write him at john_security@ebay.com if they had not received a phone call from eBay.

http://forums.ebay.com/db2/thread.jspa?threadID=2000445800

About the author:

Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to ina@ecommercebytes.com.

You may quote up to 50 words of any article on the condition that you attribute the article to EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com.
All other use is prohibited.
