{"id":48655,"date":"2014-09-17T15:49:11","date_gmt":"2014-09-17T15:49:11","guid":{"rendered":"http:\/\/4cd.e16.myftpupload.com\/?p=48655"},"modified":"2014-09-17T15:49:11","modified_gmt":"2014-09-17T15:49:11","slug":"ebay-attack-puts-its-buyers-at-risk","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/","title":{"rendered":"eBay attack puts its buyers at risk"},"content":{"rendered":"

EBay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials.<\/p>\n

The spoof site had been set up to look like the online marketplace’s welcome page.<\/p>\n

The US firm was alerted to the hack on Wednesday night but removed the listings only after a follow-up call from the BBC more than 12 hours later.<\/p>\n

One security expert said he was surprised by the length of time taken.<\/p>\n

“EBay is a large company and it should have a 24\/7 response team to deal with this – and this case is unambiguously bad,” said Dr Steven Murdoch from University College London’s Information Security Research Group.<\/p>\n

The security researcher was able to analyse the listing involved before eBay removed it.<\/p>\n

He said that the technique used was known as a cross-site scripting (XSS) attack.<\/p>\n

It involved the attackers placing malicious Javascript code within product listing pages. This code in turn automatically redirected affected users through a series of other websites, so that they ended up at the page asking for their eBay log-in and password.<\/p>\n

Users only had to click the original listing to have their browser hijacked.<\/p>\n

“The websites the user is being redirected to are almost certainly compromised by the attacker to hide his or her traces,” Dr Murdoch explained.<\/p>\n

\"Fake<\/div>\n
Users who clicked on the affected listings were sent to a fake eBay welcome screen<\/div>\n

He added that the fake page the users were ultimately delivered to contained code that had the potential to carry out further malicious actions.<\/p>\n

“EBay is pretty competent, but obviously it has been caught out here,” he said.<\/p>\n

“Cross-site scripting is well within the top 10 vulnerabilities that website owners should be concerned about.”<\/p>\n

A spokesman for eBay played down the scope of the attack.<\/p>\n

“This report relates only to a ‘single item listing’ on eBay.co.uk whereby the user has included a link which redirects users away from the listing page,” he said.<\/p>\n

“We take the safety of our marketplace very seriously and are removing the listing as it is in violation of our policy on third-party links.”<\/p>\n

However, the BBC identified that a total of three listings had been posted by the same account involved.<\/p>\n

At least two of them produced the same redirect behaviour. The third was removed by eBay, along with the other two, before it could be checked.<\/p>\n

Delayed reaction<\/p>\n

The issue was originally identified by Paul Kerr, an IT worker from Alloa in Clackmannanshire who is also an “eBay PowerSeller”.<\/p>\n

He called the firm shortly after he had clicked on a listing for an iPhone and been redirected.<\/p>\n

\"eBay\"<\/div>\n
The eBay site has experienced several glitches over recent weeks<\/div>\n

“The advert had been up for 35 minutes,” he told the BBC.<\/p>\n

“When I spoke to the lassie on the phone, she said: ‘I’m going to report that to the highest level of security to get it looked into.’ And she did emphasise that.<\/p>\n

“They should have nailed that straight away, and they didn’t.”<\/p>\n

Mr Kerr identified the problem because the web address of the page he was sent to was unusual. He screen-grabbed a\u00a0video of the attack, which he uploaded to YouTube<\/a>\u00a0as evidence.<\/p>\n

He added that other less tech-aware users might not have realised the danger they were in.<\/p>\n

“It’s guaranteed – you can bet your bottom dollar that somebody’s going to click on that and be redirected to a third-party site and they’re going to enter their details and be compromised,” he said.<\/p>\n

“You don’t know how many of the hundreds of thousands of people who use eBay will have done that.”<\/p>\n

This is not the first technical setback eBay has suffered in recent months.<\/p>\n

The site has experienced several periods when members have been unable to sign into their accounts and have received incorrect password alerts.<\/p>\n

In May, the firm made users change their passwords after revealing that a database containing encrypted passwords and other non-financial data had been compromised.<\/p>\n

In addition, it announced in July that 1,600 accounts on its StubHub ticket resale site had been broken into resulting in a scam that defrauded the service of about $1m (\u00a3600,000).<\/p>\n

 <\/p>\n

Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":"

EBay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials. The spoof site had been set up to look like the online marketplace’s welcome page. The US firm was alerted to the hack on Wednesday night but removed the listings […]<\/p>\n","protected":false},"author":14,"featured_media":48656,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[18],"yoast_head":"\neBay attack puts its buyers at risk - Citi 97.3 FM - Relevant Radio. Always<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"eBay attack puts its buyers at risk - Citi 97.3 FM - Relevant Radio. Always\" \/>\n<meta property=\"og:description\" content=\"EBay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials. The spoof site had been set up to look like the online marketplace’s welcome page. The US firm was alerted to the hack on Wednesday night but removed the listings […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"Citi 97.3 FM - Relevant Radio. Always\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/citi97.3\" \/>\n<meta property=\"article:published_time\" content=\"2014-09-17T15:49:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/citifmonline.com\/wp-content\/uploads\/2014\/09\/EBAY.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"304\" \/>\n\t<meta property=\"og:image:height\" content=\"171\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Kojo Akoto Boateng\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@citi973\" \/>\n<meta name=\"twitter:site\" content=\"@citi973\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kojo Akoto Boateng\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/\",\"url\":\"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/\",\"name\":\"eBay attack puts its buyers at risk - Citi 97.3 FM - Relevant Radio. Always\",\"isPartOf\":{\"@id\":\"https:\/\/citifmonline.com\/#website\"},\"datePublished\":\"2014-09-17T15:49:11+00:00\",\"dateModified\":\"2014-09-17T15:49:11+00:00\",\"author\":{\"@id\":\"https:\/\/citifmonline.com\/#\/schema\/person\/1642ef473fe39bf0c4e2f2f252678eb1\"},\"breadcrumb\":{\"@id\":\"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/citifmonline.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"eBay attack puts its buyers at risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/citifmonline.com\/#website\",\"url\":\"https:\/\/citifmonline.com\/\",\"name\":\"Citi 97.3 FM - Relevant Radio. Always\",\"description\":\"Ghana News | Ghana Politics | Ghana Soccer | Ghana Showbiz\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/citifmonline.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/citifmonline.com\/#\/schema\/person\/1642ef473fe39bf0c4e2f2f252678eb1\",\"name\":\"Kojo Akoto Boateng\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/citifmonline.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ba51f5385119e83762c67ecd6aa410ab?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ba51f5385119e83762c67ecd6aa410ab?s=96&d=mm&r=g\",\"caption\":\"Kojo Akoto Boateng\"},\"url\":\"https:\/\/citifmonline.com\/author\/kojo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"eBay attack puts its buyers at risk - Citi 97.3 FM - Relevant Radio. Always","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/","og_locale":"en_US","og_type":"article","og_title":"eBay attack puts its buyers at risk - Citi 97.3 FM - Relevant Radio. Always","og_description":"EBay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials. The spoof site had been set up to look like the online marketplace’s welcome page. The US firm was alerted to the hack on Wednesday night but removed the listings […]","og_url":"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/","og_site_name":"Citi 97.3 FM - Relevant Radio. Always","article_publisher":"https:\/\/www.facebook.com\/citi97.3","article_published_time":"2014-09-17T15:49:11+00:00","og_image":[{"width":304,"height":171,"url":"https:\/\/citifmonline.com\/wp-content\/uploads\/2014\/09\/EBAY.jpg","type":"image\/jpeg"}],"author":"Kojo Akoto Boateng","twitter_card":"summary_large_image","twitter_creator":"@citi973","twitter_site":"@citi973","twitter_misc":{"Written by":"Kojo Akoto Boateng","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/","url":"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/","name":"eBay attack puts its buyers at risk - Citi 97.3 FM - Relevant Radio. Always","isPartOf":{"@id":"https:\/\/citifmonline.com\/#website"},"datePublished":"2014-09-17T15:49:11+00:00","dateModified":"2014-09-17T15:49:11+00:00","author":{"@id":"https:\/\/citifmonline.com\/#\/schema\/person\/1642ef473fe39bf0c4e2f2f252678eb1"},"breadcrumb":{"@id":"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/citifmonline.com\/2014\/09\/ebay-attack-puts-its-buyers-at-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/citifmonline.com\/"},{"@type":"ListItem","position":2,"name":"eBay attack puts its buyers at risk"}]},{"@type":"WebSite","@id":"https:\/\/citifmonline.com\/#website","url":"https:\/\/citifmonline.com\/","name":"Citi 97.3 FM - Relevant Radio. Always","description":"Ghana News | Ghana Politics | Ghana Soccer | Ghana Showbiz","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/citifmonline.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/citifmonline.com\/#\/schema\/person\/1642ef473fe39bf0c4e2f2f252678eb1","name":"Kojo Akoto Boateng","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/citifmonline.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ba51f5385119e83762c67ecd6aa410ab?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ba51f5385119e83762c67ecd6aa410ab?s=96&d=mm&r=g","caption":"Kojo Akoto Boateng"},"url":"https:\/\/citifmonline.com\/author\/kojo\/"}]}},"_links":{"self":[{"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/posts\/48655"}],"collection":[{"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/comments?post=48655"}],"version-history":[{"count":0,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/posts\/48655\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/media\/48656"}],"wp:attachment":[{"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/media?parent=48655"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/categories?post=48655"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/citifmonline.com\/wp-json\/wp\/v2\/tags?post=48655"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}