It’s not the first time eBay has had to patch security holes on its eCommerce platform, Magento, but the online marketplace company has once again cleaned up vulnerabilities that could have provided hackers the opportunity to steal data.
This time around, three security vulnerabilities were discovered by Vulnerability Lab’s Security Researcher Hadji Samir, according to a ZDnet report, which identified the security flaws that were used on the platform eBay uses to enable online shopping and transactions. The researcher deemed the vulnerabilities to be “medium” flaws, the report said.
Magento, which is used and owned by eBay, is an eCommerce software and platform used by many leading brands.
Among the three security vulnerabilities includes a CSRF flaw, which allows hackers to conduct “client-side account theft by hijacking, client-side phishing, client-side external redirects and the non-persistent manipulation of affected or connected service modules,” Samir said.
Data released in April by Check Point Software Technology showed that there may have been a “massive vulnerability” in the Magento eCommerce Platform that could have a significant impact on the security of the eCommerce Market. eBay had fixed the flaw before it was publicly reported on, but that didn’t stop the research group from reporting on the impact of that security flaw.
In April, Check Point said that their Malware and Vulnerability Research Group discovered gaps in eBay’s Magento eCommerce platform that could impact as many as 200,000 online shops.
“As online shopping continues to overpower in-store shopping, eCommerce sites are increasingly targeted by hackers as they have become a gold mine for credit card information,” said Shahar Tal, Malware and Vulnerability Research Manager at Check Point Software Technologies. “The vulnerability we uncovered represents a significant threat not to just one store, but to all of the retail brands that use the Magento platform for their online stores – which represents about 30 percent of the eCommerce market.”
To check out what else is HOT in the world of payments, click here.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More