September 18, 2014

Hackers attack eBay through product listings

Hackers used cross-site scripting to redirect users to spoof site.

By CBR Staff Writer

EBay is said to have been hacked once again, with customers being led to a spoof site that steals their credentials.

The hackers placed malicious JavaScript code within product listing pages, which automatically redirected users to the spoof site, according to security researcher Steven Murdoch of University College London.

The flaw was originally identified by eBay PowerSeller Paul Kerr when he clicked on a listing for an iPhone and was redirected to a page with a suspicious web address.

Kerr reported the issue to the company, but said eBay removed the listing only after a follow-up call 12 hours later.

Murdoch told the BBC: "EBay is a large company and it should have a 24/7 response team to deal with this – and this case is unambiguously bad.

"The websites the user is being redirected to are almost certainly compromised by the attacker to hide his or her traces."

At least three listings were redirected to malicious accounts, according to the BBC, but the ecommerce site said the problem was limited to a single item.

An eBay spokesman said: "This report relates only to a ‘single item listing’ on eBay.co.uk whereby the user has included a link which redirects users away from the listing page.

"We take the safety of our marketplace very seriously and are removing the listing as it is in violation of our policy on third-party links."

Kerr added that thousands of unsuspecting users might have given their login credentials and compromised their accounts.
