AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Thu Dec 15 2016 21:53:16

eBay Listing Hijacked to Promote Questionable Website

By: Ina Steiner

Sponsored Link

A seller wrote me to say their listing was hacked. They said that after they had received an inquiry from a shopper about an item they had for sale, they checked the listing and discovered the description had been hijacked.

"I was horrified to see it had been hacked and instead of my description there were photos of watches and blurbs about free things -nothing to do with me or my listing, and my original product description gone! I tried to revise it but each photo was individual and I couldn't delete the copy."

We checked the listing, and sure enough, it contained images of watches (not what the seller had listed) along with a message, "Like Free Stuff? Go to (site name) - Win Prizes, Giveaways Sweepstakes & More!"

We sent a link to the listing to eBay PR inquiring how it happened and asking what the seller should do. We've yet to hear back.

In the meantime, we also came across a thread on the eBay boards from earlier this year when another seller described a similar incident involving the same site.

It's possible this has something to do with a known vulnerability called cross-site scripting (XSS), part of the reason why eBay decided to ban active content in seller listings beginning next year.




Comments (10) | Permalink

Readers Comments

eBay Listing Hijacked to Promote Questionable Website   eBay Listing Hijacked to Promote Questionable Website

This user has validated their user name. by: Marie

Fri Dec 16 19:37:11 2016

How does someone hijack just a listing and not your entire account?  

eBay Listing Hijacked to Promote Questionable Website   eBay Listing Hijacked to Promote Questionable Website

by: 27tcle This user has validated their user name.

Fri Dec 16 20:24:55 2016

It is because they still use java and the AD object windows are rather easily exploitable. Yes ebay it is YOUR FAULT, i mean we pay good money to have an ad on your site, and your greed by using our listing pages to advertise all sorts of extra unrelated crap created this vulnerability. As they say, if you leave the keys in the lock, what's the point of having a lock on the door?

eBay Listing Hijacked to Promote Questionable Website   eBay Listing Hijacked to Promote Questionable Website

by: ignatz This user has validated their user name.

Sat Dec 17 09:56:33 2016

This was a big issue a couple of years ago.  Why is it taking eBay SO #(#$&@)! long to stop this?  

Could their IT department be completely incompetent?  Ehhhh - it's possible!

eBay Listing Hijacked to Promote Questionable Website   eBay Listing Hijacked to Promote Questionable Website

by: RL15 This user has validated their user name.

Sat Dec 17 13:52:41 2016

This issue has been around for awhile.

And of course eBay denies it.
Lots of people had this issue. It was brought up in the of the ebay weekly chats.

Grifter told everyone with the issue that they need to clear their cookies, etc. He lied.

eBay Listing Hijacked to Promote Questionable Website   eBay Listing Hijacked to Promote Questionable Website

by: siamsuper This user has validated their user name.

Sat Dec 17 20:38:46 2016

I reported a hijacked listing to ebay and included a screenshot. The listing made a popup that said I won a $500 ebay gift certificate and tried to download a file to my computer. The idiot customer service did not escalate to someone with a functioning brain. Idiot told me ebay does not do that and asked me if I had a toolbar installed.

eBay Listing Hijacked to Promote Questionable Website   eBay Listing Hijacked to Promote Questionable Website

This user has validated their user name. by: Ina

Sun Dec 18 20:27:36 2016

Out of curiosity I went back to the listing just now (12/18/16 at 8:15 pm ET) - the listing is still showing the hijacked description.

I had sent the PR department a link to the listing on Thursday - I'm not sure why they didn't forward it to someone to take care of this specific listing at least.

eBay Listing Hijacked to Promote Questionable Website   eBay Listing Hijacked to Promote Questionable Website

by: comet This user has validated their user name.

Sun Dec 18 22:16:08 2016

Can  the Seller not take  the listing  down?  That  would be  my  thought---screen  shot it;  document what  you can;  take it DOWN and change   you Password  etc.  

Then  make a concerted  effort to get actual HELP  from  ebay  ASAP.  
I'm not  very "Tech Savvy"  but  this  seems like Tech 101  to me.  

eBay Listing Hijacked to Promote Questionable Website   eBay Listing Hijacked to Promote Questionable Website

This user has validated their user name. by: Ina

Sun Dec 18 22:29:26 2016

@comet, it's a completed listing - and the item sold, so not sure you can remove the listing.

eBay Listing Hijacked to Promote Questionable Website   eBay Listing Hijacked to Promote Questionable Website

by: Moonwishes This user has validated their user name.
Web Site

Mon Dec 19 01:28:30 2016

I know this is a bit off topic, but last we I sold something that was out of stock which left me to go to ebay to try to find another after I had exhausted other possibilities. I don't know how anyone sells anything the way ebay has mucked up seller listings. I would land on a page and see the basic photo, the buy button and aa few other bits of info and then bunches of photos of other stuff for sale that has nothing whatsoever to do with the product the page was listed for. finally I figured out that I had to click on a button and wait for a page to load with the listing information. What is up with that. Are sellers actually paying for these listings that are all about selling others seller's stuff? I can't believe that all ebay sellers haven't revolted and left. I can't imagine paying for a listing that a potential buyer can't even see because ebay is plastering ads all of the what should be the listing page. If this is part of why a completed listing has been taken over by someone else, I'm not surprised. Ebay is currently the biggest gimmick in the world for making a few people millionaires while the rest (the sellers) struggle to pay the mortgage because of what ebay is doing to them.

Next time I'm OOS I'll just take the potential hit for it. I don't want to mess with ebay again.

eBay Listing Hijacked to Promote Questionable Website   eBay Listing Hijacked to Promote Questionable Website

by: pebbles This user has validated their user name.

Tue Dec 20 11:30:17 2016

I actually have had my listings hijacked via posting from eBay to pinterest. Called eBay with the problem, no answers. I had already contacted pinterest and changed all passwords, found it is in fact an issue on eBays side. Ebay only suggests that it must be my browser! Really? I sell on 5 venues and this only happens on eBay.
Also have problems with eBay rendering in plain text in multiple browsers, only happens on eBay, all other sites are perfect. Still, they say it's my browser. Umm, I think not.
Over 2 years of these problems, numerous phone calls and even an email directly to Donahoe with no answers. Yet, it seems with each call my sales plummet & my store suffers miserably.
Interesting way to stop seller complaints- by halting sales.



Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.