EBay ‘Severe’ Security Flaw Gets the Cold Shoulder — from EBay

A bug that could put hundreds of millions of users at risk seems to be getting little more than a shrug from online auction platform eBay. The vulnerability allows hackers to distribute malicious code, perpetrate phishing attacks, and steal data. Nevertheless, eBay told the firm that discovered the flaw that it has no plans to patch it.

The problem was first discovered by Check Point Software, an Israeli cybersecurity company. Earlier this week, Check Point said that it brought the flaw to eBay's attention on December 15. However, on January 16, eBay told Check Point that it had no plans to address the issue, according to the cybersecurity firm.

Not Fully Patched

Since Check Point first went public with the vulnerability, eBay has said in several statements that it has "implemented various security filters" based on the security firm's information, and that it has not observed any malicious behavior since being alerted to the bug. Even so, eBay has acknowledged that the vulnerability is still "not fully patched."

EBay also noted that it would not be able to fully fix the problem, since the company allows active content on its site. It added that fraudulent or malicious content is extremely rare on the site, representing only about two listings for every million.

But Check Point said that the vulnerability is a severe one, and that if it is not fully fixed, all of eBay's users will remain at risk. "The eBay attack flow provides cybercriminals with a very easy way to target users: sending a link to a very attractive product to execute the attack," said Oded Vanunu, security research group manager at Check Point. "The main threat is spreading malware and stealing private information. Another threat is that an attacker could have an alternate login option pop up via Gmail or Facebook and hijack...

