No one knows for sure just how eBay’s security breach is impacting overall sales except for the company itself, but sellers worry about how the hack will impact them. Last week, IDG News Service was among those reporting on vulnerabilities that security gurus said they found on eBay’s website, adding to sellers’ concerns about the breach.
One “security enthusiast,” a term for unpaid experts who spend long hours of their own time looking for flaws on major websites, said he was finding little incentive to continue analyzing eBay “since the company doesn’t pay for vulnerability information,” according to IDG.
The news service quoted Yasser Ali talking about eBay:
“They are not like Google’s security team, and they are not like Facebook,” Ali said, noting those companies have close ties with the research community. “This will kill their reputation.”
Ali reported a vulnerability he said would let him take over anyone’s eBay account if he knew that person’s user name, and he said eBay had since fixed the bug. Other reported vulnerabilities, according to IDG, include cross-site scripting vulnerabilities, an “information leakage flaw,” an SQL injection vulnerability (fixed by eBay), and a problem involving Flash.
But it’s interesting that eBay blamed the security breach on compromised employee credentials, something that might be more likely to occur through social engineering techniques as opposed to a bug, though eBay has not provided enough details to know for sure.
In the meantime, some sellers say they are concerned about the impact on sales, writing to EcommerceBytes and starting posts on discussion boards to see if others think their sales declined as a result of the breach, such as this thread created on Saturday – though there have always been ongoing threads from marketplace sellers reporting and theorizing on low sales.
eBay itself appeared to be concerned about auction listings, allowing sellers to cancel auctions from May 21 through May 31, explaining: “We recognize that the password reset may temporarily interrupt the normal bidding process for buyers.”