Warning: Huge eBay Security Flaw - eBay Suspended & PayPal Limited Forums
#1 | 03-26-2008 | imjustme (Executive [VIP])

There seems to be a huge security flaw going on at eBay right now. Before I write this, I have to state that I use Firefox and I *always* clear all cookies, both automatically and manually, when my browser closes AND when it starts up.

I just logged into one of my accounts and found myself logged into another username I have never heard of, but apparently someone who lives in the same city as me, in Japan.

How is that possible? I have no idea, but I was able to check his listings, even edit them (if I wanted to, but I didn't). I could check the closed listings, the customer information, when they paid, etc. I could also see his private address and phone details, even the credit card details (as far as eBay shows).

I only use my computer at home, so I'm not on a public computer that could have had traces of cookies. The only thing I'm thinking it could be is that eBay's cookie system recognized the same IP (I was on dialup) that he used before and logged me into his account based on that.

I then logged off that dialup connection and back in with a different provider that gave me a different IP, then I had no problems getting into my own account fine. I logged back off and on again with the other provider's same IP and again, it logged me into the other eBayer's account, again giving me full access.

I am thinking this is a huge security flaw at eBay that needs to be addressed as soon as possible, but I don't want any attention from eBay to my own account, so I'm not going to be reporting it, at least not from my own account.

Just a heads up, be careful guys! Something is fishy. I worked in the IT industry as a programmer for many years, so I know my way around cookies and servers even if I was blind. Believe me, this is not something on my end. It's on eBay's end and it's a security flaw ...and a bad one. Their cookie system is logging customers into their account based on IPs. That's baaaaaad.
Reply With Quote
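The design the post above suspects, where the server decides who is logged in from the client IP rather than from a secret held in the cookie, is shown here next to a token-bound session store. This is an added example, not part of the thread and not eBay's code; the class names, the `simulate` helper and the IP address are constructed for illustration.

```python
import secrets

# Constructed scenario: a dial-up pool hands the same public IP to two
# different customers. 203.0.113.7 is a documentation-range address.
SHARED_IP = "203.0.113.7"


class IpKeyedSessions:
    """Flawed design: the server remembers who is logged in per client IP."""

    def __init__(self):
        self._by_ip = {}

    def login(self, user, ip):
        self._by_ip[ip] = user
        return None  # nothing secret is handed to the browser

    def whoami(self, ip, cookie=None):
        # The cookie is ignored; whoever shows up on this IP is "the user".
        return self._by_ip.get(ip)


class TokenSessions:
    """Session is identified only by an unguessable token in the cookie."""

    def __init__(self):
        self._by_token = {}

    def login(self, user, ip):
        token = secrets.token_urlsafe(32)
        self._by_token[token] = user
        return token  # would be sent back as the session cookie

    def whoami(self, ip, cookie=None):
        # The IP plays no part in deciding identity.
        return self._by_token.get(cookie) if cookie else None


def simulate(store):
    """A seller logs in from SHARED_IP; a visitor with cleared cookies then
    arrives from the same IP. Returns (visitor identity, seller identity)."""
    seller_cookie = store.login("seller", SHARED_IP)
    visitor = store.whoami(SHARED_IP, cookie=None)
    seller = store.whoami(SHARED_IP, cookie=seller_cookie)
    return visitor, seller
```

With the IP-keyed store the cookieless visitor is treated as the seller; with the token store the visitor is anonymous and the seller's session still works.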
#2 | 03-26-2008 | Junior Member

This is shocking...

#3 | 03-26-2008 | Junior Member

Good grief, that's not good at all.
Shame it didn't log you into a dormant account from '03 =)

#4 | 03-27-2008 | jscan (Executive [VIP])

That's disgusting, imagine if that happened and some Nigerian scammer got hold of your details. The sooner eBay has a real competitor, the better for all of us.

#5 | 03-27-2008 | aspkin (Administrator)

That is pretty bad... is it still happening?

#6 | 03-27-2008 | imjustme (Executive [VIP], Threadstarter)

As of 5 minutes ago, I could still log onto that IP and get logged into his account. He's a quite active seller in the same time zone, so I'm thinking while he's on and I'm using the same IP, I can log in anytime...

#7 | 03-28-2008 | Jonas (Senior Member)

Are you only able to log into that one person's account and nobody else's?