Last week, I warned you about a major data breach at eBay that potentially affects 128 million users. Because of it, you need to change your eBay password, keep tabs on your banking statements and other accounts.
Well, things aren't looking any better for the auction giant this week.
A security researcher has uncovered another major flaw that could let hackers steal your eBay login. All you have to do is visit a hacker-created website or auction listing while you are still logged in eBay.
Many of us are guilty of this. We log in one site and then, move to another site without logging out of the first site. That's the problem with this latest eBay threat.
When you visit another site, the hackers can steal your eBay account cookie that says you're logged in. (If you're not sure how cookies work, no problem. Click here to learn more about cookies and how advertisers use them to track you.)
Once the hackers have the eBay login cookie, they can easily trick eBay into thinking that they are you. From there, the hackers can make fraudulent purchases, or steal your account information directly.
You won't even know it's happened.
Until eBay fixes the problem, your best bet is to log out of your eBay account and stay logged out. That way, even if a hacker steals your eBay cookie, it won't help them.