Buyers and sellers using the online marketplace eBay may be revealing far more than their interest in vintage furniture or video games. Researchers at the New York University Polytechnic School of Engineering and NYU Shanghai have discovered a privacy flaw that allows site visitors to view a buyer’s complete purchase history—including sensitive items like gun accessories and at-home medical tests for pregnancy or HIV.
Keith W. Ross, Dean of Engineering and Computer Science at NYU Shanghai and the Leonard J. Shustek Professor of Computer Science and Engineering at the NYU School of Engineering, presented the paper co-authored with doctoral candidate Tehila Minkus, “I Know What You’re Buying: Privacy Breaches on eBay” at the Privacy Enhancing Technology Symposium this week in Amsterdam.
Minkus and Ross began their inquiry when Minkus, herself an eBay user, was browsing the feedback section of a would-be purchaser’s eBay profile following a botched transaction. “Feedback as a Buyer” and “Feedback as a Seller” are essential features of the eBay marketplace, allowing users to leave comments on their purchase experiences to create trust and foster confidence during transactions.
While reviewing this particular buyer’s feedback, Minkus noticed that, with very little effort, she was able to obtain a list of all of his previous purchases. Further probing revealed a substantial privacy loophole in the eBay marketplace, one that can expose highly sensitive purchases, such as gun accessories or at-home medical tests.
“This breach can be exploited on a scale ranging from a snooping spouse or an employer investigating an individual’s buying habits to a large-scale, automated attack that could quickly link millions of people with their purchases,” Ross said. “This is exactly the kind of information that could be very valuable to marketers, cybercriminals, or even law enforcement officials.”
Read more here on Polytechnic's Website.
Most Users Ever Online: 52
Currently Browsing this Page:
Not a Legitimate Bidder: 8
Old car guy: 3
Scam Alert: 1
Guest Posters: 24