eBay has been called upon to take immediate action over dangerous listings, a problem that has existed for several months and is putting users at risk.
The BBC has identified over 100 listings that had been exploited to trick customers into handing over their personal data.
eBay appears slow to act: the matter has been raised by many users, some of whom got in touch with the BBC to say they had attempted to warn eBay about the problem. eBay simply said it would continue to review all site features and content.
According to the BBC, innocent users' accounts have been hijacked in order to place fake listings, and one victim said he was locked out of his account.
The BBC also said that when customers clicked on a listing that had been compromised, they were brought to a sophisticated, official-looking site that asked them to log in and share bank account details, and that the types of items used to target victims range from televisions and smartphones to hot tubs and clothing.
eBay said it has no plans to remove active content from the site but will continue to review all site features and content in the context of the benefit they bring its customers as well as overall site security.
This stance put eBay on the spot, with security professionals queuing up to criticize its security practice.
Mikko Hypponen of F-Secure said it is not right for eBay to have cross-site scripting vulnerabilities on its site.
“If they can’t make it work without the risk of exposing users to cross-site scripting, they shouldn’t allow it,” he said.
Joss Wright, a security expert from the Oxford Internet Institute, said that in light of the problems, eBay needs to have a serious review of its practices in order to maintain trust.
He said, however, that the site faces difficulty in making sure it remains easy for its customers to use while maintaining a high level of security.
“It’s going to be very hard for eBay to secure that without severely hampering their user experience,” Joss said.
“But I think they need to move their balance a lot further towards security than they currently are,” he concluded.