When a third-party researcher uncovers evidence of a high-profile security bug that puts consumers’ account information at risk, the company in question rushes to the rescue with patches, updates and press releases. However, when researchers from security startup Check Point Software notified eBay of a potentially crippling malware protection flaw, they were surprised to hear radio silence.
Ars Technica reported that Vanunu and Check Point claim that they originally contacted eBay in mid-December about the flaw, but it wasn’t until Jan. 16 that they heard back. The news was surprising; eBay said it wouldn’t be issuing a fix for the flaw and provided no reasoning for the inaction.
An eBay spokeswoman reached out to PYMNTS.com and wrote: “It’s important to understand that malicious content on our marketplace is extraordinarily uncommon — we estimate it to be less than two listings per million that use active content on the eBay marketplace.”
“eBay is committed to providing a safe and secure marketplace for our millions of customers around the world,” the spokesperson told PYMNTS. “We take reported security issues very seriously and work quickly to evaluate them within the context of our entire security infrastructure. We have not found any fraudulent activity stemming from this incident.”