eBay Explains Security Hole Used by Hacker
By Ina Steiner
An eBay moderator apologized to users on a Trust & Safety discussion board over an incident that took place on Friday in which a hacker was able to suspend some member accounts. He explained, "This fraudster found very old administrative functions that had not been deactivated several years ago when we changed the security of our internal systems. These functions were still accessible on public servers, while the rest of our functionality is now behind multiple layers of security. We immediately identified the functions that he accessed and deactivated, and we are undergoing an audit to ensure obsolete code that may still exist for other reasons is secure."
Friday's incident was detailed on the AuctionBytes blog on Saturday and was believed by users to have been committed by a fraudster called Vladuz (http://blog.auctionbytes.com/cgi-bin/blog/blog.pl?/pl/2007/10/1191718840.html). The story was picked up on Monday by IDG News Service reporter Juan Carlos Perez (http://www.pcworld.com/article/id,138193-c,hackers/article.html).
The eBay moderator, posting on Monday evening, said no financial information had been accessed ("that is because credit card data is protected at a much higher level than contact information") and called the number of affected accounts a "handful."
He told affected users to write him at firstname.lastname@example.org if they had not received a phone call from eBay.
About the author:
Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to email@example.com.