Though eBay told users to change their passwords once the e-commerce giant discovered that hackers compromised a database containing encrypted passwords and other non-financial data, security troubles continue to plague the company. 19-year-old Jordan Lee Jones, a college student and security researcher, discovered a second vulnerability that could be used as a means to hijack user accounts.
Reported by PC World, Jones detailed the vulnerability on his blog on Monday after he didn’t hear back from eBay on Friday regarding the flaw. The second vulnerability could allow a hacker to fill a page with malicious code that would take your cookies. This would then allow the hacker to gain access to your account.
Jones said that “eBay should be on top of their stuff.” The company asks security researchers to withhold their findings until the flaw is fixed, though it’s not illegal for researchers to disclose a vulnerability. Jones was added to a list of security researchers that have helped eBay after he discovered a vulnerability that allowed him to deface part of the website. It has taken measures to defend itself against that vulnerability, though eBay has not uttered a word about Jones’ recently-discovered vulnerability to this point.