Your eBay password may be at risk!
London: A report has revealed that eBay had been compromised following an online attack that placed malicious Javascript code within its product listing pages. People who clicked on some of its links where automatically directed to a spoof site that looked like the website's welcome page.
The spoof website then asked for the users' eBay usernames and passwords. The technique used to hack the website is known as cross-site scripting (XSS) and is one of the top 10 vulnerabilities that website owners should be concerned about, reported the BBC.
The report said that the U.S.-based firm was alerted about the hack on Wednesday night but the malicious listings were removed more than 12 hours later.
The fake page that the users landed on after clicking some of the links had the potential to carry out further malicious actions.
A spokesperson for eBay downplayed the scope of the attack.