eBay customers need to be extra cautious when accessing their account activity, personal information and stored messages. Research from Comparitech.com has found that many pages on the site, which require user input or contain their personal info, are not HTTPS encrypted.
While eBay does use HTTPS on its most critical pages, such as those where payment or address information is entered, it still lacks encryption on several sensitive pages. When customers send and receive messages from sellers, for example, their communications are not sent over a private channel. Not only could a hacker intercept and read messages, they could modify them in what’s known as a “man-in-the-middle” attack. This could lead to fraud or spam being sent from user accounts.
A blog can be found here and discusses in full how:
- eBay does not use HTTPS on its My eBay dashboard, nor on its business-to-customer message pages.
- As a result, private customer information and messages are not sent over private channels, thus the information is vulnerable to hackers.
- eBay’s lack of encryption on these pages could be insufficient to meet data privacy standards, including the upcoming GDPR.
- A VPN can mitigate the risks that arise from the lack of HTTPS on these pages.
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…