A loophole remains open in the security system of the eBay online auction house according to reports by Europe’s largest computer magazine COMPUTERBILD and the television channel SAT.1/N 24. Without leaving a trace, hackers can slip through the loophole and bid at auctions using member names or evaluate other members.

They gain unauthorized access by answering the so-called password question. Upon initial registration, each eBay user selects a question to which only he knows the answer. If the eBay user has forgotten his password he can create a new one after answering the question which is freely accessible to every internet user. However, even without changing the password users can bid and evaluate other members with a simple mouse click on a particular menu button, since they are registered automatically in the eBay system after answering the password question.

In this way, hackers get to the "secret" answers: unfortunately, many eBay members worldwide are careless with their personal data. On their individual eBay pages (so-called "Me" pages) they leave information in which the answer to the password question can be found. A dozen times and in a matter of minutes, a hacker demonstrated to the COMPUTERBILD magazine how easy it is to crack members’ accounts. He could have auctioned goods worth several million euro without any trouble at all.

[ Read more ]

Related items

• News: Former cybersecurity czar to join eBay (2 May 2003)
• News: Scam casts doubt on eBay's anti-fraud software (27 March 2003)
• News: Charges filed in alleged eBay scam (6 December 2002)