{"id":48655,"date":"2014-09-17T15:49:11","date_gmt":"2014-09-17T15:49:11","guid":{"rendered":"http:\/\/4cd.e16.myftpupload.com\/?p=48655"},"modified":"2014-09-17T15:49:11","modified_gmt":"2014-09-17T15:49:11","slug":"ebay-attack-puts-its-buyers-at-risk","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/?p=48655","title":{"rendered":"eBay attack puts its buyers at risk"},"content":{"rendered":"<p id=\"story_continues_1\">EBay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials.<\/p>\n<p>The spoof site had been set up to look like the online marketplace&#8217;s welcome page.<\/p>\n<p>The US firm was alerted to the hack on Wednesday night but removed the listings only after a follow-up call from the BBC more than 12 hours later.<\/p>\n<p>One security expert said he was surprised by the length of time taken.<\/p>\n<p>&#8220;EBay is a large company and it should have a 24\/7 response team to deal with this &#8211; and this case is unambiguously bad,&#8221; said Dr Steven Murdoch from University College London&#8217;s Information Security Research Group.<\/p>\n<p>The security researcher was able to analyse the listing involved before eBay removed it.<\/p>\n<p>He said that the technique used was known as a cross-site scripting (XSS) attack.<\/p>\n<p>It involved the attackers placing malicious Javascript code within product listing pages. This code in turn automatically redirected affected users through a series of other websites, so that they ended up at the page asking for their eBay log-in and password.<\/p>\n<p>Users only had to click the original listing to have their browser hijacked.<\/p>\n<p>&#8220;The websites the user is being redirected to are almost certainly compromised by the attacker to hide his or her traces,&#8221; Dr Murdoch explained.<\/p>\n<div><img loading=\"lazy\" decoding=\"async\" alt=\"Fake eBay site\" src=\"http:\/\/news.bbcimg.co.uk\/media\/images\/77646000\/jpg\/_77646651_86b9f710-3aa8-4c3c-8025-645d976dff93.jpg\" width=\"512\" height=\"300\" \/><\/div>\n<div>Users who clicked on the affected listings were sent to a fake eBay welcome screen<\/div>\n<p>He added that the fake page the users were ultimately delivered to contained code that had the potential to carry out further malicious actions.<\/p>\n<p>&#8220;EBay is pretty competent, but obviously it has been caught out here,&#8221; he said.<\/p>\n<p>&#8220;Cross-site scripting is well within the top 10 vulnerabilities that website owners should be concerned about.&#8221;<\/p>\n<p>A spokesman for eBay played down the scope of the attack.<\/p>\n<p>&#8220;This report relates only to a &#8216;single item listing&#8217; on eBay.co.uk whereby the user has included a link which redirects users away from the listing page,&#8221; he said.<\/p>\n<p>&#8220;We take the safety of our marketplace very seriously and are removing the listing as it is in violation of our policy on third-party links.&#8221;<\/p>\n<p>However, the BBC identified that a total of three listings had been posted by the same account involved.<\/p>\n<p>At least two of them produced the same redirect behaviour. The third was removed by eBay, along with the other two, before it could be checked.<\/p>\n<p>Delayed reaction<\/p>\n<p>The issue was originally identified by Paul Kerr, an IT worker from Alloa in Clackmannanshire who is also an &#8220;eBay PowerSeller&#8221;.<\/p>\n<p>He called the firm shortly after he had clicked on a listing for an iPhone and been redirected.<\/p>\n<div><img loading=\"lazy\" decoding=\"async\" alt=\"eBay\" src=\"http:\/\/news.bbcimg.co.uk\/media\/images\/77646000\/jpg\/_77646653_dfb0e632-f0ab-461e-a720-74427aee72f2.jpg\" width=\"512\" height=\"288\" \/><\/div>\n<div>The eBay site has experienced several glitches over recent weeks<\/div>\n<p>&#8220;The advert had been up for 35 minutes,&#8221; he told the BBC.<\/p>\n<p>&#8220;When I spoke to the lassie on the phone, she said: &#8216;I&#8217;m going to report that to the highest level of security to get it looked into.&#8217; And she did emphasise that.<\/p>\n<p>&#8220;They should have nailed that straight away, and they didn&#8217;t.&#8221;<\/p>\n<p>Mr Kerr identified the problem because the web address of the page he was sent to was unusual. He screen-grabbed a\u00a0<a href=\"https:\/\/www.youtube.com\/watch?v=WT5TG_LvZz4&amp;feature=youtu.be\">video of the attack, which he uploaded to YouTube<\/a>\u00a0as evidence.<\/p>\n<p>He added that other less tech-aware users might not have realised the danger they were in.<\/p>\n<p>&#8220;It&#8217;s guaranteed &#8211; you can bet your bottom dollar that somebody&#8217;s going to click on that and be redirected to a third-party site and they&#8217;re going to enter their details and be compromised,&#8221; he said.<\/p>\n<p>&#8220;You don&#8217;t know how many of the hundreds of thousands of people who use eBay will have done that.&#8221;<\/p>\n<p>This is not the first technical setback eBay has suffered in recent months.<\/p>\n<p>The site has experienced several periods when members have been unable to sign into their accounts and have received incorrect password alerts.<\/p>\n<p>In May, the firm made users change their passwords after revealing that a database containing encrypted passwords and other non-financial data had been compromised.<\/p>\n<p>In addition, it announced in July that 1,600 accounts on its StubHub ticket resale site had been broken into resulting in a scam that defrauded the service of about $1m (\u00a3600,000).<\/p>\n<p>&nbsp;<\/p>\n<p>Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":"<p>EBay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials. The spoof site had been set up to look like the online marketplace&#8217;s welcome page. The US firm was alerted to the hack on Wednesday night but removed the listings [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":48656,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jnews-multi-image_gallery":[],"jnews_single_post":[],"jnews_primary_category":[],"jnews_social_meta":[],"jnews_override_counter":[],"footnotes":""},"categories":[],"tags":[18],"class_list":["post-48655","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-dr-akwasi-osei"],"_links":{"self":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/48655","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=48655"}],"version-history":[{"count":0,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/posts\/48655\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=\/wp\/v2\/media\/48656"}],"wp:attachment":[{"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=48655"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=48655"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/citifmonline.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=48655"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}