Tuesday, October 23, 2007

Hacker uses public APIs to breach eBay

eBay has begun an audit of its IT systems after a hacker managed to access and disable user accounts.

The company said last week that the hacker exploited public application programming interfaces (APIs) that enable merchants to build e-commerce sites on top of eBay.

"This fraudster found very old administrative interfaces into the eBay system that had not been deactivated when we changed the security of our internal systems several years ago," a member of the company's trust and safety division said in a posting on an eBay blog. "We immediately identified the functions that were accessed and deactivated, and we are undergoing an audit to ensure obsolete code that may still exist for other reasons is secure."

Via (computerweekly.)

No comments: