Hackers have reportedly exploited a weakness in eBay’s site that enabled them to redirect customers to pages that steal login information.
It’s claimed that eBay only removed the hacked listings after the BBC contacted the company, and that customers had been vulnerable for at least 12 hours.
Speaking to the BBC, IT worker Paul Kerr explained that eBay hadn’t removed the compromised listings:
“When I spoke to the lassie on the phone, she said: ‘I’m going to report that to the highest level of security to get it looked into.’ And she did emphasise that. They should have nailed that straight away, and they didn’t.”
A video was created to show eBay exactly how the hack worked.
In a statement to the BBC, eBay assured customers that they were unlikely to have been affected by the hack, remarking: “This report relates only to a ‘single item listing’ on eBay.co.uk whereby the user has included a link which redirects users away from the listing page. We take the safety of our marketplace very seriously and are removing the listing as it is in violation of our policy on third-party links.”