Primarily Petroliana Shop Talk Forums Non-Petro Discussions Non-petro Discussion and Showcase eBay Security threat documented

Norse-Corp (they have a site which you can see the article) has recently written of a potential (hacking) attack on eBay users which eBay seems to be shrugging their shoulders on this. Do not use eBay on any public WiFi connections - laptop or SmartPhone (we all know the dangers of public wifi...). In a nutshell the attacker could basically get into your account and take control of your eBay buying/selling capabilities as well as see all profile info. Just FYI.
(pls be careful out here)..
regards, cog

If somebody steals a password from a user because they were on an insecure network, (public WiFi) it is not really eBay's fault. It is not "hacking" but is spying or theft at the users local level. It is an electronic way to look over your shoulder to get your password.

Anyone who logs in to a password protected Web site, should always be on a secure network and their own device. Using a public computer, a public WiFi network or a computer that is not virus and malware clean and protected is very risky.

If you're concerned about Ebay security, then call Paypal and ask for a security key. They can tie it to your ebay account too, and you will have virtually foolproof protection.
Every time I sign into either account, I enter my password, and then I press the button on the security key and a 6 digit number appears. I then have to enter that number within 30 seconds or I don't get in. Kind of makes for a hassle when I leave town and forget the key, but the extra hassle is worth it for the piece of mind.
I had my Paypal account hacked once and emptied and several bogus items charged, but I caught it right away, and Paypal took care of all of it and talked me into this security key. Best move I ever made!

I will comment further and then leave this alone. I agree with Jim that using any sites on public wifi is not a good idea (like when that auction is gonna end while I am in the hotel attending that next G&O show). The problem is the ebay site (not paypal). They use SSL (https - see the lock icon when entering the user/pwd) for initial authentication. Then the ebay site takes SSL (lock - encryption) away - all subsequent traffic is now naked. That is the problem. My primary point in all of this is that you can't falsely trust since the SSL (lock) was is place when user/pwd was entered and think that you are then safe for public wifi. Hack pgms can hack your session. The fob that Kevin (thx for this as I had not even thought about 2-factor on this and apparently neither did Norse -lol) spoke of above will not save you here. The fob is a form of 2 factor authentication (meant to help in terms of a potential password compromise in the first place usually timed ~ X seconds). If someone is at an Iowa or CBus hotel (with FREE open wifi --whoo-hoo) watching traffic they can still highjack your session - even with using the fob and 2 factor authentication. This is a problem and needs to be fixed. I simply am warning you all on this and care not for any of the good folks here to get burnt. I recommend for you to look up the article and read it yourself. regards, cog

Here is the online article that cog mentioned.

http://blog.norsecorp.com/2015/02/06/ebay-says-csrf-vulnerabilities-are-an-accepted-business-risk/

I use the fob login tool that Kevin mentioned. It is an extra step, but it is worth it. I've never had a problem.