Researchers from Check Point Software reported in December a possible malware threat on the famous shopping platform, but apparently eBay is unphased by its vulnerability to hackers.
According to the software company, it would be very easy for a potential hacker to take advantage of this vulnerability. All they would have to do is create an eBay store and write a malicious item description in the detail section. The attacker would be able to create a code that would then trigger another code from his own server.
eBay responded to Check Point on January 16th by saying that it had no intention of fixing this problem. However, in a comment made for The Next Web News, an eBay representative stated that malicious codes are rarely encountered on their platform and that they are always taking potential security breaches very seriously.
The company’s perspective is that they have not discovered any type of fraudulent activity as the one described by Check Point Software.
Nevertheless, the alarm raised by the security company is disconcerting to say the least. We have to keep in mind the fact that there were over 162 million eBay users reported only in the fourth quarter of 2015, with many more entering daily.
An attack such as the one described above could leave eBay users exposed to a whole range of undesired situations, such as phishing attempts, data theft and potential installations of ransomware on their computers.
According to researchers at Check Point, even though eBay runs constant verifications on code, its only method is to strip alpha-numeric characters from the script tags.
One possible reason for eBay’s reluctance to fix its vulnerability would be the fact that by doing so, the company would have to temporarily shut down certain features or various site functionalities, which could have significant financial impact over the company.
eBay’s history dates back to 1995, when it was founded by Pierre Omidyar from his living room. He wanted to see what would happen if he would create a global marketplace, which would function as an online person-to-person trading community.
Sellers are allowed to post items on the company’s platform , while buyers are encouraged to bid for the products they are interested in. On top of that, users have the possibility to search through the list in an integrated way.
Image Source: WCCFtech