It’s been one issue after another with eBay lately. About a week ago, eBay’s Trust and Security forums got flooded with several pages of posts containing account information for over 1,200 eBay users. A person named Vladuz took responsibility for that issue, and now the same person has claimed responsibility for the most recent hack. According to Ars, the hacker “infiltrated an eBay server and disabled accounts of several members of Friday.” He was able to do this because of eBay’s carelessness which is simply unacceptable.
Surprisingly, eBay has acknowledged what happened and made a public post in their forums regarding it. They’re not exactly known for being up-front with their users which they’ve been criticized for in the past. In the post, they apologized that some of the regular posters on the board were targeted (likely because they have openly complained about Vladuz in the forums), and said that they were working with global law enforcement authorities to “bring this fraudster to justice.”
As mentioned, this latest incident happened because of eBay’s carelessness. According to an eBay rep, “This fraudster found very old administrative functions that had not been deactivated several years ago when we changed the security of our internal systems. These functions were still accessible on public servers, while the rest of our functionality is now behind multiple layers of security. We immediately identified the functions that we accessed and deactivated, and we are undergoing an audit to ensure obsolete code that may still exist for other reasons is secure.”
With one problem after another, it seems reasonable for anyone to ask “Is my eBay account safe?” eBay was quick to point out that no financial information was accessed, but that doesn’t mean that it couldn’t happen in the future. At least they didn’t ignore the issue this time and leave everyone to speculate like they have in the past…