A security flaw on eBay's website has been exposing eBay's customers to malicious websites. This has been happening on eBay's site since February. It has been revealed that clicking on some of the listings on the site automatically redirects customers to harmful sites. eBay has failed to fix the security flaw and to inform users about it, despite having known about it since February.
According to BBC News, eBay user Paul Castle contacted eBay to report the problem, and the chat log of that conversation outlines the problem in detail to eBay's staff. This is not the first time that eBay has been hit with a security breach. eBay had a massive security breach in May. The breach, which was performed by unknown hackers, affected 145 million customers. The information stolen was email addresses, encrypted passwords, mailing addresses, and birth dates.
eBay permits many of the users who sell on its site to use JavaScript and Flash to make their listings more attractive, and this is related to the security flaw. eBay's search engine only allows customers to find completed auctions that are more than 15 days old. In each of the listings, it appears that cross-site scripting (XSS) was used to steal the customer's information using JavaScript. Cross-site scripting (XSS) is not allowed on eBay, and eBay uses a range of security features designed to detect and remove listings containing harmful code. BBC News uncovered that many of the listings had been posted for more than 15 days, which posed a danger to eBay's users.
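The kind of check described above, detecting listings that contain active content, can be sketched as follows. This is an added example, not code from eBay or the BBC report; the policy (flag every script, event handler, non-web URL scheme and meta refresh), the names `ListingScanner` and `scan_listing`, and the sample listing are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed policy for this example: any active content in a listing is reportable.
ACTIVE_TAGS = {"script", "object", "embed", "iframe", "applet"}
URL_ATTRS = {"href", "src", "action", "data", "formaction"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}
SCHEME_RE = re.compile(r"[a-z][a-z0-9+.-]*(?=:)", re.IGNORECASE)

# Constructed sample listing description (not taken from a real listing).
SAMPLE_LISTING = """<p onmouseover="location='http://redirect.example/'">Great condition</p>
<a href="&#106;avascript:location='http://redirect.example/'">More photos</a>
<script src="http://cdn.example/gallery.js"></script>
<a href="https://www.example.com/shipping">Shipping terms</a>
"""


class ListingScanner(HTMLParser):
    """Collects (line, reason) findings for markup that can run code or redirect."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        # HTMLParser has already lower-cased names and decoded entities in values.
        pairs = [(name, value or "") for name, value in attrs]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"active element <{tag}>"))
        if tag == "meta" and ("http-equiv", "refresh") in [(n, v.lower()) for n, v in pairs]:
            self.findings.append((line, "meta refresh redirect"))
        for name, value in pairs:
            if name.startswith("on"):
                self.findings.append((line, f"event handler {name} on <{tag}>"))
            elif name in URL_ATTRS:
                # Browsers drop tabs and newlines inside a URL before reading the scheme.
                cleaned = "".join(c for c in value if c not in "\t\r\n").strip()
                match = SCHEME_RE.match(cleaned)
                scheme = match.group(0).lower() if match else ""
                if scheme not in SAFE_SCHEMES:
                    self.findings.append((line, f"{scheme}: URL in {name} on <{tag}>"))


def scan_listing(html):
    scanner = ListingScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Calling `scan_listing(SAMPLE_LISTING)` returns one finding for each of the first three lines and none for the plain `https` link.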
In an interview with BBC News reporter Dave Lee, a spokeswoman for eBay said, "The company assures that they have a security team for the site, but the hackers used tactics capable of bypassing their security. These hackers intentionally adapt their code and tactics to try to stay ahead of the most sophisticated security team."
eBay is being heavily criticized by security experts for failing to react quickly to the problem and allowing it to go on for so long. This is the second time eBay has had security issues this year.