eBay server hacked via old administrative functions

A malicious hacker broke into an eBay server on Friday, temporarily suspending the accounts of a "very small" number of members.

Excerpt from Network World:

"We were able to block the fraudster quickly before any permanent damage had been done. At no point did the fraudster get any access to financial information or other sensitive information," eBay spokeswoman Nichola Sharpe said via e-mail.

EBay has "secured and restored" the affected accounts and is calling the affected users, she said, without specifying how many accounts the hacker accessed and tinkered with.

"The fraudster did this by accessing externally visible servers, not by hacking into the eBay site," Sharpe said.

IDG News Service noted that Sharpe didn't immediately reply to its follow-up question on what exactly constitutes an "externally visible" server and how it differs from a normal eBay server.

A report at Auction Bytes helped shed more light on the matter:

This fraudster found very old administrative functions that had not been deactivated several years ago when we changed the security of our internal systems. These functions were still accessible on public servers, while the rest of our functionality is now behind multiple layers of security.

You can read more about the incident at Auction Bytes, which first reported on this.

About Paul Mah

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.
