Ebay Hacked Again

Thought I would share this I just read on eBays forums.




Heading FYI - ebay hacked again ... not good for business

Nice of them to let us know which they haven't again.

copied article from BBC News (business news)



17 September 2014 Last updated at 14:32

.

ebay redirect attack puts buyers' credentials at risk



ebay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials. The spoof site had been set up to look like the online marketplace's welcome page.

The US firm was alerted to the hack on Wednesday night but removed the listings only after a follow-up call from the BBC more than 12 hours later. One security expert said he was surprised by the length of time taken.

" ebay is a large company and it should have a 24/7 response team to deal with this - and this case is unambiguously bad," said Dr Steven Murdoch from University College London's Information Security Research Group.

The security researcher was able to analyse the listing involved before ebay removed it.

He said that the technique used was known as a cross-site scripting (XSS) attack.

It involved the attackers placing malicious Javascript code within product listing pages. This code in turn automatically redirected affected users through a series of other websites, so that they ended up at the page asking for their ebay log-in and password.

Users only had to click the original listing to have their browser hijacked.

"The websites the user is being redirected to are almost certainly compromised by the attacker to hide his or her traces," Dr Murdoch explained. (read fully story at BBC)

This copy and pasted from there sellers forums and was posted yesterday.

May need to change passwords AGAIN.