College Student Discovers a Second Ebay Security Flaw


Just a few days after discovering a flaw that compromised millions of user accounts, a 19-year-old British college student found another flaw in Ebay's website. It's not as bad as the one that forced pretty much everybody to change their Ebay passwords. But it's not good, either.

The second vulnerability affects the way that Ebay handles code from other sites, say, the JavaScript that makes that auction listing look so pretty. The teenager, Jordan Lee Jones, says that the flaw could let a hacker inject a page with malicious code that would steal a user's cookies. That, in turn, gives the hacker the opportunity to hijack the account.

Jones apparently contacted Ebay on Friday about this second flaw, but when he still hadn't heard back from them, he went ahead and published details on his blog on Monday. "Ebay should be on top of their stuff," he told PC World soon thereafter. At the very least, Ebay should pay attention to the white hat hackers who are trying to help them.


If you're wondering what you can do about this new flaw, the answer is unfortunately: not much. It's on Ebay to fix the vulnerability in their new code, and as long as you changed your password last week, you should be okay. On a related note, a new statistic just revealed by security researchers says that about 50 percent of Americans have been hacked in the last 12 months. So get used to it. [PC World]