It’s not unusual to hear about a website vulnerability these days. In fact, it often seems to be just a cost of doing business online. What people do want to know, however, is how quickly a company reacts to a security threat and how quickly it gets the problem taken care of. Unfortunately, in the case of eBay’s most recent security vulnerability, it appears that the online marketplace didn’t act on the report until the media picked up the story and started to report on it.
This time around, the security flaw, which would allow hackers to create fake login pages, was first noticed by an independent security researcher, who discovered the critical bug in the early part of December and informed eBay about it on December 11.
Although eBay supposedly asked for more information, the researcher, who goes by the name MLT, states that after the initial email asking for more details about the discovery, the company stopped communicating and didn’t attempt to patch the flaw until reporters asked about it last week.
The bug, a cross-site scripting (XSS) flaw, is a common type that allows hackers to insert malicious code into a website. In the case of eBay’s XSS bug, hackers could use it to create pages that looked like a member’s real login page, and once the member entered their name and password, hackers could take over the account.
Since XSS is reportedly a rather simple flaw to fix, some members have been left wondering why it took the online marketplace so long to create a patch. Ryan Moore, a spokesperson for eBay, told reporters that the delay was due to a miscommunication caused by MLT, who, he said, used a second email address to communicate with them, thereby causing a bit of a lapse in response time. Moore states that the bug has since been fixed and that eBay continues to be vigilant in providing a website that is safe for its members.
Has your eBay account or another account ever been hacked? Leave a comment below.