CNN.com /TECH





eBay patches password-security problem

PC World


By Sam Costello

(IDG) -- Online-auction powerhouse eBay closed a security hole in a password-maintenance feature late Tuesday that could have allowed attackers to take over a user's account and commit fraud.

The vulnerability existed in the feature that allowed registered eBay users to change the passwords that they use to log into the site, according to Kevin Pursglove, senior director of communications at the San Jose, California, company.

Though the "change your password" feature was taken offline around 5 p.m. Pacific time Tuesday due to the security hole, the feature has since been fixed and put back online, he says.



The hole would have allowed an attacker who knew the publicly available name that an eBay member bids under to change that user's password, thereby taking over the account, Pursglove says.

Minimal damage

eBay was first notified that the attack was possible by a user on March 27 or 28, Pursglove says. Users who attempted to change their passwords after the service was disabled got error messages, he adds.

Although the potential existed for attackers to have access to accounts, no credit card or personal information would have been available to them, because that data is stored on separate servers and behind separate firewalls, Pursglove says.

eBay is "in the process right now of reviewing all the password changes that have come in to us recently," Pursglove says, adding that the company has not yet received any user reports of fraud or account hijacking related to the vulnerability.

The company is "still in the process of reviewing" how the hole occurred, he says.

eBay users have been hit with other account troubles recently. Some users have reported having their accounts hijacked in recent months, though Pursglove says those incidents are unrelated to Tuesday's security hole.


 
 
 
 




