Researchers are warning that some visitors to eBay.com could be tricked into opening a page on the site that could expose them to phishing attacks and data theft.
The vulnerability exists in the site’s online sales platform, according to Roman Zaikin, a researcher with Check Point. With it, an attacker could bypass the site’s code validation and execute malicious JavaScript on users via their browser, or mobile app, the firm warned Tuesday.
Check Point disclosed the issue to eBay on Dec. 15 last year but when it got back to the firm, just over two weeks ago, the company claimed it had no plans to fix the issue.
For data security at your organization, rely on Omega. 636-557-7777. Security@OmegaSecure.com.
“As we demonstrated to the eBay security team in the proof of concept, we were able to bypass their security policies and insert a malicious code to our seller page without any difficulty or restriction,” the firm writes.
A spokesperson from the company said, “it is committed to providing a safe and secure marketplace for our millions of customers around the world. We take reported security issues very seriously, and work quickly to evaluate them within the context of our entire security infrastructure. We have not found any fraudulent activity stemming from this incident,” a spokesperson with the company said.
For data security of your organization, rely on Omega. 636-557-7777.
Read more here.