- Angela Abar wrestles with destiny in ‘Watchmen’ episode 8 Sunday 9:05 PM
- Guy who runs Trump Organization Twitter account caught hyping up own tweet Sunday 4:51 PM
- People found out how tall Olaf is–and now ‘Frozen’ is terrifying Sunday 3:41 PM
- Rapper Juice WRLD dead at 21 Sunday 3:02 PM
- Embody Andrew Yang, fight other presidential candidates in video game Sunday 2:33 PM
- Ariana Grande spoke with TikTok teen who looks exactly like her Sunday 1:00 PM
- Beyoncé accused of paying dancers ‘low rates’ Sunday 11:58 AM
- Timmy Thick blasted for saying the N-word in comeback video Sunday 9:11 AM
- Netflix’s ‘The Confession Killer’ is a devastating and well-built portrait of a con artist Sunday 8:00 AM
- Swipe This! I’m ashamed to tell anyone about my online shopping habit Sunday 6:00 AM
- UPS facing backlash for thanking police after employee killed in shootout Saturday 5:02 PM
- Sanders campaign fires staffer after anti-Semitic, homophobic tweets surface Saturday 3:13 PM
- Brother Nature was attacked, says everyone just watched with phones out Saturday 2:45 PM
- Ryan Reynolds’ gin company hires Peloton wife for ad Saturday 1:24 PM
- Ex-vegan YouTuber accused of fraud after following meat-only diet Saturday 1:11 PM
There’s bad news and worse news for frequent bidders on eBay. The bad news is that the platform has a severe flaw that could allow through malicious attacks. The worse news? eBay reportedly knows about this flaw but won’t fix the issue.
The report of the issue came on Monday from Israeli security firm Check Point. According to the company, the vulnerability makes it possible for attackers to bypass eBay’s code validation process and remotely execute malicious code targeted toward eBay users.
The nature of this type of attack attack would leave users exposed to a considerable amount of potential harm, ranging from phishing attempts to data theft and stealth installations of ransomware downloads.
Check Point discovered the flaw on December 15, 2015 and reported it to eBay. On January 16, 2016, eBay reported back to the security outfit that it had no plans to address the vulnerability. As of yesterday’s blog post made by Check Point, the flaw was still live on eBay’s site.
Videos uploaded by Check Point appear to show the exploit in action.
In a statement to the Daily Dot, an eBay spokesperson said, “We take reported security issues very seriously, and work quickly to evaluate them within the context of our entire security infrastructure. We have not found any fraudulent activity stemming from this incident.”
According to the spokesperson, eBay has been in touch with the researcher who spotted the issue and has “implemented various security filters based on his findings to detect this exploit.”
In the fourth quarter of 2015, eBay reported over 162 million active users on its platform. The spokesperson insisted on the company’s commitment to “providing a safe and secure marketplace.”
“Since we allow active content on our site it’s important to understand that malicious content on our marketplace is extraordinarily uncommon, which we estimate to be less than two listings per million that use active content on the eBay marketplace,” the spokesperson explained.
AJ Dellinger is a seasoned technology writer whose work has appeared in Digital Trends, International Business Times, and Newsweek. In 2018, he joined Gizmodo as the nights and weekend editor.