Email This Post Email This Post

eBay Fixes Security Flaw

A researcher reported a security flaw to eBay that would have enabled fraudsters to steal its members’ credentials, according to Motherboard, which wrote about the vulnerability on Monday.

The publication said eBay confirmed it received the report on December 11th but didn’t patch the bug due to a communication breakdown until Motherboard contacted eBay last week.

“The researcher, who goes by the name MLT, said anyone could have taken advantage of the bug to target individual eBay users and take over their accounts, or harvest thousands, if not millions, of users credentials by sending phishing carefully crafted emails to eBay users.”

The researcher and eBay both told Motherboard on Monday that the bug was patched. The publication said it didn’t appear that anyone exploited the flaw in the open, “although it’s possible that someone else other than MLT found the bug and used it for malicious purposes.”

eBay had sent a mass email to users in December warning users to update their personal information, which prompted some recipients to worry that there had been another breach like the one in 2014 that prompted eBay to send a mass warning to users.

Sponsored Link

eBay didn’t respond to our inquiry about the December 31st mailing, described in this article, where we noted the strange timing of such an email as many staff were off for the New Year’s holiday and thus unable to answer questions about the worrisome email.

 

Ina Steiner on EmailIna Steiner on LinkedinIna Steiner on Twitter
Ina Steiner
Ina Steiner
Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to ina@ecommercebytes.com.