Israeli firm uncovers eBay security flaw

Israeli cybersecurity firm Check Point revealed Tuesday that is has discovered a serious flaw in online e-commerce giant eBay’s security, allowing hackers and cyber criminals to use malicious code to target users and steal their online information.

According to Channel 2 News, eBay currently has 160 million registered users worldwide, all of which are at risk.

Check Point, which posted its discovery on the company blog, believes that unless eBay acts to rectify this vulnerability immediately, “eBay’s customers will continue to be exposed to potential phishing attacks and data theft.”

The company had informed eBay of its discovery on Dec. 15, but as of Jan. 16, the e-commerce giant said it “has no plans to fix the vulnerability,” Check Point said.

According to Check Point, all a hacker needs to do to launch a malicious attack is to set up an eBay store, from which he can send users legitimate-looking links that contain malicious code.

This is the second time eBay has been hacked: In May 2014, the platform informed users its servers had been hacked and their information had been compromised, and while it insisted there was no evidence financial information was accessed, it urged all users to change their passwords.

Responding to Check Point’s warning eBay said: “As a company, we are committed to providing a safe and secure trading platform to our millions of customers worldwide. We take reports suggesting security issues very seriously and work quickly to assess them, as part of our security infrastructure. We consistently adapt our security systems and maintain a responsible system, where we partner with the researchers indicating such issues exist.”

This is not the first time Check Point has warned of security vulnerabilities in popular user interfaces.

In August, the cybersecurity company discovered a flaw in the popular phone messaging application WhatsApp, which allowed hackers to send users vCard contact files infected with malware.

Check Point reported the issue to Facebook, which owns WhatsApp, on Aug. 21 and the flaw was fixed within days.