A report has revealed that eBay had been compromised following an online attack that placed malicious Javascript code within its product listing pages. People who clicked on some of its links where automatically directed to a spoof site that looked like the website's welcome page.
The spoof website then asked for the users' eBay usernames and passwords. The technique used to hack the website is known as cross-site scripting (XSS) and is one of the top 10 vulnerabilities that website owners should be concerned about, reported the BBC.
The report said that the U.S.-based firm was alerted about the hack on Wednesday night but the malicious listings were removed more than 12 hours later.
The fake page that the users landed on after clicking some of the links had the potential to carry out further malicious actions.
A spokesperson for eBay downplayed the scope of the attack.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →
Smart Quarterly
₹900
3 Months
₹300/Month
Smart Essential
₹2,700
1 Year
₹225/Month
Super Saver
₹3,900
2 Years
₹162/Month
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app