More than a week after it was first discovered, eBay has fixed a flaw
in their sign-on page. The flaw gave phishers an easier and “more trustworthy” way of snagging logins from people, due to it allowing them to direct a user to the official login page but send the credentials somewhere else:
The vulnerability was noteworthy because it led users to eBay's official login page first, unlike most phishing attacks, which direct victims to a spoofed URL. Once a user entered a valid user name and password on the eBay site, however, the exploit redirected the person to a third-party site of an attacker's choosing.
Apparently, eBay has been aware of it internally for longer. Regardless, as of Thursday the issue was addressed. This isn't eBay's only current concern, who also is contending with numerous other security issues and accusations of severe flaws system-wide. As the article mentions, their slow response time doesn't make anybody feel better about the situation. Being that eBay
and PayPal are some of the biggest targets of phishing, it would behoove them to hire a large enough security staff to combat these issues quicker.