Home >> News >> XSS password-stealing security holes still haunt eBay

XSS password-stealing security holes still haunt eBay

If you shop online, we must alert you to be very careful. It is not all sunny and full of freebies on eCommerce platforms. ECommerce platforms like eBay, Amazon or Best Buy offer loads of discounts to keep the shoppers happy, but there are many security concerns with these platforms.EBay_former_logo.svg

The problem lies in the storage and security of enormous amounts of data, including the personal details of millions of users. Hackers are always on the hunt to find such weaklings and attack the sites. EBay is one of the most attack eCommerce platforms. Last week it again announced a security breach that jeopardized personal details and credentials of millions of its users. The customers were asked to log-in and change their passwords in order to restore their accounts. Clearly eBay is at fault as buyers are losing a lot more and gaining much less.

Some hacker group ran XSS, a script on the site, which diverted the customers to a spoof site. The malicious code placed on eBay redirected the product listing pages to a fake page asking for eBay log-in details. The passwords of millions of users were stolen with this attack and eBay was unable to identify with the problem at first.

The PayPal’s own eCommerce site did not encrypt the users’ data carefully and it has led to loss of important details like credit cards and pin numbers. Most users use the same password for PayPal are also worried about the breach and will have to change their passwords.

The security experts are criticizing eBay for not adopting protective measures beforehand and taking longer than expected in getting things sorted after the hijack. The database will be misused in more ways than one causing more problems for the users. If you are an eBay customer, kindly be vigilant about it.

[ Via ]

About Sara Rose

She has spent the past 4 years playing the role of an IT consultant, and has now joined The Next Digit as a full time blogger. Her current profession is a result of her deep experience in computer gadgets, laptops, gaming accessories and other tech updates.

One comment

  1. People who aren't sure if their password is secure should use PasswordTurtle.com! PasswordTurtle makes passwords from normal english phrases so the passwords are easy to remember and secure. I use them whenever I make a new online account.

Leave a Reply

Your email address will not be published. Required fields are marked *