Computerbild discloses security loophole at eBay

Wednesday, 14 May 2003, 12:32 PM EST

A loophole remains open in the security system of the eBay online auction house according to reports by Europe’s largest computer magazine COMPUTERBILD and the television channel SAT.1/N 24. Without leaving a trace, hackers can slip through the loophole and bid at auctions using member names or evaluate other members.

They gain unauthorized access by answering the so-called password question. Upon initial registration, each eBay user selects a question to which only he knows the answer. If the eBay user has forgotten his password he can create a new one after answering the question which is freely accessible to every internet user. However, even without changing the password users can bid and evaluate other members with a simple mouse click on a particular menu button, since they are registered automatically in the eBay system after answering the password question.

In this way, hackers get to the "secret" answers: unfortunately, many eBay members worldwide are careless with their personal data. On their individual eBay pages (so-called "Me" pages) they leave information in which the answer to the password question can be found. A dozen times and in a matter of minutes, a hacker demonstrated to the COMPUTERBILD magazine how easy it is to crack members’ accounts. He could have auctioned goods worth several million euro without any trouble at all.

[ Read more ]

Related items




Spotlight

Fake "Online Ebola Alert Tool" delivers Trojan

Posted on 29 October 2014.  |  Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //