eBay big flaw (malicious sites) known for months


A flaw that has exposed eBay customers to malicious websites has been affecting the site since at least February, the BBC has found.

Earlier this week it was revealed how clicking on some listings automatically redirected users to the harmful sites.

EBay removed several posts, but said it was an isolated incident.

But the BBC has since found multiple listings, from multiple users, exploiting the same vulnerability.

Furthermore, several readers contacted the BBC detailing complaints they had made to the site.

In a statement, eBay said it had a dedicated team working on security, but that criminals “intentionally adapt their code and tactics to try to stay ahead of the most sophisticated security systems”.

‘Big problem’

A transcript from February this year showed user Paul Castle explaining the issue, in detail, to eBay support staff.

“I was just browsing in Digital Cameras and came across a password-harvesting scam,” wrote Mr Castle during the online chat with eBay support staff.

Clicking on the listing link, Mr Castle explained, “transfers immediately to a password harvest scam page”.


Source: BBC