Further coding flaws in the eBay website have been reported as allowing users to be exploited to trick customers into handing over personal data.
According to BBC News, leading security researchers have called on eBay to take immediate action over dangerous listings, as the problem continues to put users at risk. It said it has identified more than 100 listings that had been exploited to trick customers into handing over personal data.
The BBC found that user accounts were hijacked in order to place the fake listings, and many of the accounts had 100% positive feedback, and had sold hundreds of items. One victim who had his account hijacked told the BBC he was locked out of his account – and later billed “around £35” by eBay to cover seller’s fees for items he had not auctioned.
Also when customers clicked on a listing that had been compromised, they were brought to a sophisticated, official-looking site that asked victims to log in and share bank account details.