Computerbild discloses security loophole at eBay

Wednesday, 14 May 2003, 12:32 PM EST

A loophole remains open in the security system of the eBay online auction house, according to reports by Europe’s largest computer magazine, COMPUTERBILD, and the television channel SAT.1/N 24. Without leaving a trace, hackers can slip through the loophole and bid at auctions under members’ names or rate other members.

They gain unauthorized access by answering the so-called password question. Upon initial registration, each eBay user selects a question to which only he knows the answer. If the user has forgotten his password, he can create a new one after answering the question, which is freely accessible to every internet user. However, even without changing the password, anyone who answers the question can bid and rate other members with a simple mouse click on a particular menu button, since answering the password question automatically signs them in to the eBay system.

This is how hackers get to the "secret" answers: unfortunately, many eBay members worldwide are careless with their personal data. On their individual eBay pages (so-called "Me" pages) they leave information in which the answer to the password question can be found. A hacker demonstrated to COMPUTERBILD a dozen times, in a matter of minutes, how easy it is to crack members’ accounts. He could have auctioned goods worth several million euros without any trouble at all.
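One way a recovery flow can avoid the two weaknesses described above, as an added example (not eBay's code and not part of the COMPUTERBILD report): a correct answer yields only a password-reset grant rather than a signed-in session, every attempt is recorded and the owner is notified, and a check at enrollment flags answers that can be read off the public "Me" page. All class, function and account names here are hypothetical.

```python
import hmac
import re
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    name: str
    email: str
    answer: str        # secret answer chosen at registration
    profile_text: str  # public "Me" page content

@dataclass
class Recovery:
    accounts: dict
    audit: list = field(default_factory=list)   # every attempt leaves a trace
    outbox: list = field(default_factory=list)  # out-of-band notices to the owner
    grants: dict = field(default_factory=dict)  # token -> (member, scope)

    def answer_question(self, member, answer):
        acct = self.accounts[member]
        ok = hmac.compare_digest(answer.strip().lower().encode(),
                                 acct.answer.lower().encode())
        self.audit.append((member, "question_answered", ok))
        if not ok:
            return None
        token = secrets.token_urlsafe(16)
        # A correct answer grants ONLY the right to set a new password, not a login.
        self.grants[token] = (member, "reset_only")
        self.outbox.append((acct.email, "password recovery started"))
        return token

    def authorize(self, token, action):
        member, scope = self.grants.get(token, (None, None))
        allowed = scope == "reset_only" and action == "set_password"
        self.audit.append((member, action, allowed))
        return allowed

def answer_exposed(acct):
    """True if every word of the secret answer appears on the public profile."""
    page = set(re.findall(r"\w+", acct.profile_text.lower()))
    words = re.findall(r"\w+", acct.answer.lower())
    return bool(words) and all(w in page for w in words)

# Constructed sample account, not data from the article.
DEMO = Account("seller42", "owner@example.test", "Rex",
               "Hi! I sell toys. My dog Rex helps me pack.")
```

Bidding and rating would still require a full sign-in with the newly set password, so the recovery grant by itself cannot be used to act as the member.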

Copyright 1998-2014 by Help Net Security.