A security researcher, who last week uncovered a vulnerability in eBay’s website that allowed hackers to steal the personal details of 233 million customers, has discovered a second vulnerability.
British university student Jordan Lee Jones, from Stockton-on-Tees, notified eBay of the second vulnerability on Friday, by email. However, it still was not fixed by Monday, so he published details of the flaw on his blog.
Jones told technology news website PCWorld that the vulnerability is a ‘cross-site scripting flaw’, which means that code from another source has been executed within the eBay website.
This could allow hackers to collect cookies – small files that contain snippets of personal data – from logged-in eBay users who visit a page that has been injected with the attack code.
Jones uploaded a screenshot showing that he was able to create a pop-up box on eBay’s labs webpage using this technique.
Hackers have already stolen so much data from the website, and this new vulnerability raises a serious question for eBay about how secure it is.