A reflected cross-site scripting vulnerability on eBay’s website could have been exploited by malicious actors for phishing attacks, a researcher has demonstrated. The flaw was identified in December by a researcher who uses the online moniker “MLT.”
The expert complained that eBay had not responded to his report for a month, and the e-commerce giant only patched the issue after being contacted by the media. XSS vulnerabilities are highly common, but that doesn’t make them any less dangerous. A blog post and proof-of-concept video show how an attacker could have exploited the weakness to launch phishing attacks.
PayPal, the popular eBay-owned digital payment and money transfer service, has been found to be vulnerable to a critical web application vulnerability that could allow an attacker to take control of users' PayPal accounts with just a click, affecting more than 156 million PayPal users.
An Egyptian security researcher has discovered three critical vulnerabilities in the PayPal website, which could be used by cybercriminals in targeted attacks. PayPal uses security Auth tokens to detect legitimate requests from the account holder, but the expert successfully bypassed this protection to generate exploit code for targeted attacks.
Online auction site eBay has advised its clients to change their passwords after a cyber-attack allowed hackers to gain access to one of its databases. Information stolen included personal details of “a large number of accounts.”
The California-based company has been asking its users “to change their passwords because of a cyber-attack that compromised a database containing encrypted passwords and other non-financial data,” according to a statement released on the company website. “For the time being, we cannot comment on the specific number of accounts impacted. However, we believe there may be a large number of accounts involved and we are asking all eBay users to change their passwords,” spokeswoman Kari Ramirez told.