eBay is under fire for its dangerous listings

E-commerce biggie eBay is under fire as top security researchers have asked it to take necessary actions over its dangerous listings. According to the researchers, this flaw has put hundreds of thousands of eBay users at high risk of losing confidentiality of their personal data.

BBC has identified more than 100 listings that have been abused by hackers with the intent to trick customers and get access to their personal information. BBC informs that some users who have come across the problem have contacted them saying that they have already notified the e-commerce company about it. eBay, on the other hand, has said that it is currently reviewing all its website features and the entire content of the site.


According to a report broadcasted by BBC, accounts of innocent eBay users got hijacked for placing the forged listings. The majority of those accounts carry 100% positive feedback; the list also includes accounts that have sold hundreds of products.

According to the owner of one such hacked account, he suddenly got locked out of his eBay account and later got a bill of around £35 from the company. eBay sends such bills only to sellers who have auctioned an item (to cover sellers’ fees); here, the ill-fated user was billed in spite of not auctioning anything.

If a customer clicks on any of these compromised listings he/she will be redirected to an official-looking, sophisticated website and will be asked to sign up and share personal data like bank account details. Once submitted, the information will no more remain private and the hackers will have complete access to it.

Hackers are using a range of items to trick victims; these include clothing, electronics, home appliances, etc. According to eBay, users have become more susceptible to the problem as they often use Flash content and JavaScript on listing pages.

These tools are used by sellers primarily to make the pages appear more eye-catching and exciting. Tech experts representing the e-commerce giant, however, said that using Flash and JavaScript for building web pages makes it easier for the hackers to include malicious codes in them. The hacking technique that is mostly used for including those codes is called cross-site scripting or XSS.

James Lyne, a researcher working as the security company Sophos, said that from all these facts the one thing that can be concluded is that the actions of the hackers are really dodgy and are taking customers to nasty web pages with suspect scripts.

Lyne added he and his team is not sure what exactly the motive of the attackers is, but it is clear to him that people using eBay are still being redirected to the nasty malicious websites.

It has been a long time since the website has been affected by this problem, BBC reports that the eBay is facing the issue at least since February this year. There are also experts who suggest that the issue is more than a year old. Whatever the case may be, the e-commerce giant should find a remedy as soon as possible to make life easier for sellers and buyers.

Tagged with

Leave a Reply

Your email address will not be published. Required fields are marked *

fifteen + two =