If you use eBay to shop online, you might be in for a nasty surprise. The online megastore was recently targeted by hackers who exploited a flaw in its e-commerce system. And even worse news? The personal information of millions of users is now vulnerable and up for grabs.
This flaw is within the Magento operating system that handles the payment and transaction portion of eBay. This means that hackers could potentially steal shoppers' credit card numbers and payment information like personal addresses.
Not only can hackers access your payment information, but they can hypothetically take over and run the entire site. They could charge customers, liquidate products and control every action the site takes. There hasn't been any official statement, but there has been mumblings of the hacker's IP addresses coming out of Russia.
"In less than 24 hours since the disclosure, we have started to see attacks via our WAF logs trying to exploit this vulnerability. It seems to be coming from a specific crime group, since they all look the same," said
The company who originally found the flaw Check Point hacked into eBay themselves and demonstrated how it could control functions on the site. It even changed the price of a $100,000 watch, just to show the seriousness of the issue.
Among the 200,000 companies that use the e-commerce platform are major corporations, like Men's Heath, Samsung, Nestle Nespresso, Vizio and Ford, who get millions of customers themselves.
Magento issued a patch earlier this year after being contacted by Check Point, but hackers figured out how to navigate around it quickly. There is not much that you can do to protect yourself from hackers exploiting this flaw. Just remember to remain vigorous with checking your bank account statements and report any seemingly fraudulent activity immediately.
Share your story below if you suspect that you're a victim of the Magento hack. And check back here to see if there have been updates or permanent fixes.