- West Virginia corrections employees suspended after Nazi salute photo surfaces Thursday 8:02 PM
- Here are the 15 best Eddie Murphy movies available to stream Thursday 7:56 PM
- Ex-InfoWars video editor admits to making up Islamophobic stories Thursday 6:55 PM
- WhatsApp accounts deleted amid Kashmir internet blackout Thursday 6:21 PM
- Guy gets mocked for tattoo of Baby Yoda drinking White Claw Thursday 6:18 PM
- Spotify Wrapped has people asking just how much it knows about us Thursday 5:50 PM
- Instagram account allegedly asked for inappropriate photos of children Thursday 5:16 PM
- How to stream ‘Boys vs. Bears on Thursday Night Football Thursday 4:33 PM
- Woman caught her boyfriend cheating through his Fitbit Thursday 4:29 PM
- The Pete Buttigieg ‘High Hopes’ dance was designed by an intern Thursday 4:17 PM
- TikTok admits to hiding content made by fat, LGBTQ, and disabled users Thursday 3:58 PM
- ‘Merry Happy Whatever’ is an unoriginal sitcom with plenty of holiday cheer Thursday 3:55 PM
- The ‘Pod Save America’ Bros are losing it over Joe Biden’s newest ad Thursday 3:28 PM
- Van Halen had a wholesome response in defense of Billie Eilish Thursday 3:15 PM
- Influencer faces wrath of K-pop fans after her son played with penis-shaped soap Thursday 1:27 PM
There’s bad news and worse news for frequent bidders on eBay. The bad news is that the platform has a severe flaw that could allow through malicious attacks. The worse news? eBay reportedly knows about this flaw but won’t fix the issue.
The report of the issue came on Monday from Israeli security firm Check Point. According to the company, the vulnerability makes it possible for attackers to bypass eBay’s code validation process and remotely execute malicious code targeted toward eBay users.
The nature of this type of attack attack would leave users exposed to a considerable amount of potential harm, ranging from phishing attempts to data theft and stealth installations of ransomware downloads.
Check Point discovered the flaw on December 15, 2015 and reported it to eBay. On January 16, 2016, eBay reported back to the security outfit that it had no plans to address the vulnerability. As of yesterday’s blog post made by Check Point, the flaw was still live on eBay’s site.
Videos uploaded by Check Point appear to show the exploit in action.
In a statement to the Daily Dot, an eBay spokesperson said, “We take reported security issues very seriously, and work quickly to evaluate them within the context of our entire security infrastructure. We have not found any fraudulent activity stemming from this incident.”
According to the spokesperson, eBay has been in touch with the researcher who spotted the issue and has “implemented various security filters based on his findings to detect this exploit.”
In the fourth quarter of 2015, eBay reported over 162 million active users on its platform. The spokesperson insisted on the company’s commitment to “providing a safe and secure marketplace.”
“Since we allow active content on our site it’s important to understand that malicious content on our marketplace is extraordinarily uncommon, which we estimate to be less than two listings per million that use active content on the eBay marketplace,” the spokesperson explained.
AJ Dellinger is a seasoned technology writer whose work has appeared in Digital Trends, International Business Times, and Newsweek. In 2018, he joined Gizmodo as the nights and weekend editor.