Latest posts by Alvin Bryan (see all)
- Millionaire Tyupkin Malware ATM Hackers May Come to US, India After Hitting Europe - October 23, 2014
- BitLicense Will Allow Bitcoin Spying in New York - October 22, 2014
- Australians are Fighting Data Retention Laws - October 22, 2014
is notoriously dangerous code. It can be manipulated to execute different actions than was originally intended, as in the recent Xfinity ad scandal. It can also go wrong of its own accord, creating holes in website security that can be exploited, as with last year’s HTML5 issue. This time, malicious code was placed directly on eBay product listings. eBay finally announced this problem, but failed to alert users early on. Customers on the site since February could have been subject to identity theft without their knowledge. This is another blunder by the huge auction site, which also failed to respond in a timely manner to the earlier Rosetta Flash attack. eBay database and daughter site StubHub was also attacked last July.
eBay suffered a data breach last February which is related to this security issue. Then, an estimated 233 million people’s personal details were stolen. Users had to change their passwords in May to secure their accounts. But now we learn that the malicious script was still on the site. Even if they changed their passwords after the February data breach, users were still vulnerable to having their new credentials stolen. Now that eBay says the problem has been fixed, users need to change their eBay login passwords again to protect their accounts.