eBay criticised over security loophole

Tuesday, September 23, 2014 - 09:30 by Mike Price

Online auction giant eBay has been leaving its users open to exploitation by malicious third parties as a result of a problem with its security systems, according to BBC News. And the most troubling thing about this is that the loophole was allegedly left open for several months.

The issue lies in the way that eBay handles links to external sites, which allowed some scammers to embed malicious links in auction listings that would send legitimate users to fraudulent pages even if they started out browsing eBay's genuine offerings.

While people can still carry out safe shopping online with eBay as long as they stick to using its most reputable sellers, clicking a link to take you elsewhere could lead to security and privacy issues, which has been an ongoing cause for concern since February of this year.

Cybercriminals set up a huge number of websites which are designed to steal user information and dupe innocent shoppers into giving away things like passwords and even financial information. And some of the biggest retail and social networking sites have begun to place warnings on any external links, as well as blocking the most harmful third party sites.

Research carried out by the BBC found that in the past two weeks at least 64 items listed for sale via safe shopping online through eBay have included malicious links and other embedded code designed to hijack a user's browser, such as exploits based on Flash and Javascript.

This is certainly something that eBay has a responsibility to address because of course without adequate measures in place it could be easy for hackers to compromise even the best known e-commerce retailers. Hopefully action will be taken promptly now that this issue has been given mainstream coverage in the media.