eBay warned of further security issues


May 29, 2014

It's been just over a week since online auction site eBay announced a substantial data breach, and now further attacks could be on the way.

Researchers have cautioned that eBay should be monitoring other security concerns that could further damage operations, namely scripting flaws present on the website.

Cross-site scripting (XSS) flaws have afflicted an eBay subdomain, according to Illia Kolochenko, CEO of Swiss security firm High-Tech Bridge. Mr Kolochenko revealed the information when speaking to SCMagazine.

He discovered the issue after running a brief check on the security of the site, and subsequently reported it to eBay.

Mr Kolochenko explained that a users' details could be at risk, and that eBay would need to take action to put proper security measures in place.

XSS bugs are commonly used by cyber attackers to inject code into the domain to steal sensitive data, or trick users into releasing financial information. As attackers can adjust the script as needed, it can appear on a variety of websites.

Enterprises should put inclusive security audits in place on a regular schedule, to identify whether employees may have let outside attackers in.

Leave a Reply

Your email address will not be published. Required fields are marked *