eBay flaw a 'security risk' to customers

eBay on mobile. (Duncan Alfreds, Fin24)

Cape Town – A security company has identified a vulnerability in e-commerce site eBay which could leave customers exposed to phishing attacks.

Check Point on Friday announced that it had discovered a flaw that allows attackers to bypass the trading site’s validation and control. This could leave customer computers exposed to malicious Java code.

“If this flaw is left unpatched, eBay’s customers will continue to be exposed to potential phishing attacks and data theft. An attacker could target eBay users by sending them a legitimate page that contains malicious code,” Check Point said in a statement.

“Customers can be tricked into opening the page, and the code will then be executed by the user’s browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download.”


The company had reported the flaw to eBay in December 2015, but said that the exploit is still live on the platform.

Multiple media reports indicate that eBay has no plans to repair the vulnerability.

The massive online trading site had around 164 million users at the end of 2015, and the malicious attack, dubbed “JSF**k”, allows cyber crooks to use the site as a phishing and malware distribution platform, said Check Point.

“The eBay attack flow provides cyber criminals with a very easy way to target users: Sending a link to a very attractive product to execute the attack,” said Oded Vanunu, Security Research Group manager at Check Point.

“The main threat is spreading malware and stealing private information. Another threat is that an attacker could have an alternate login option pop up via Gmail or Facebook and hijack the user’s account.”

