Of late, there have been several instances when user information has been hacked by the security flaws existing undiscovered on the internet. eBay user accounts were victims to such a hack because of a security flaw in the system.

eBay user passwords lost due to security flaw

eBay user passwords lost due to security flaw

Earlier this year in February, eBay user accounts were hacked and the passwords were posted on a forum which was revealed by a chat log which contained the passwords of several accounts. Until recently it was thought that the hack has been occurring only for a few weeks but the latest information reveals that the vulnerability has been abused to extract passwords of accounts for several months since February.

An eBay user has contacted BBC to explain that he has contacted the site to inform them of the vulnerability in the form a chat log with an outline to the problem which could tell them a little detail about it.

eBay user Paul Castle wrote during an online chat with the support staff of the company, “I was just browsing in Digital Cameras and came across a password-harvesting scam, this is potentially a big security problem for eBay users. There could be hundreds”

He also said them that once he clicked on a link it took him to a page where passwords are harvested and the site attempted to steal information from the user. The eBay support staff replied that the problem has been reported earlier and in spite of the company taking measures there are links that try to exploit users.

The BBC also reported 64 such listings on the site in the past 15 days which will risk the users and every time the hacker has been found using Cross site scripting to manipulate the browsing and took the user to a scam site using JavaScript.

eBay said, “This is related to the fact that we allow sellers to use active content like Javascript and Flash on our site. Many of our sellers use active content like Javascript and Flash to make their eBay listings more attractive. However, we are aware that active content may also be used in abusive ways.”