Doc's eBay Motors Sucks Blog
Avatar
Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

Lost password?
sp_Feed sp_TopicIcon
Security Breach Reveals eBay Purchases
Privacy flaw reveals sensitive purchase history
sp_NewPost Add Reply sp_NewTopic Add Topic
Avatar
Docas
Guest
Guests
1
07/25/2014 - 11:34 AM
sp_Permalink sp_Print sp_EditHistory sp_QuotePost

Buyers and sellers using the online marketplace eBay may be revealing far more than their interest in vintage furniture or video games. Researchers at the New York University Polytechnic School of Engineering and NYU Shanghai have discovered a privacy flaw that allows site visitors to view a buyer’s complete purchase history—including sensitive items like gun accessories and at-home medical tests for pregnancy or HIV.

ebay incKeith W. Ross, Dean of Engineering and Computer Science at NYU Shanghai and the Leonard J. Shustek Professor of Computer Science and Engineering at the NYU School of Engineering, presented the paper co-authored with doctoral candidate Tehila Minkus, “I Know What You’re Buying: Privacy Breaches on eBay” at the Privacy Enhancing Technology Symposium this week in Amsterdam.

Minkus and Ross began their inquiry when Minkus, herself an eBay user, was browsing the feedback section of a would-be purchaser’s eBay profile following a botched transaction. “Feedback as a Buyer” and “Feedback as a Seller” are essential features of the eBay marketplace, allowing users to leave comments on their purchase experiences to create trust and foster confidence during transactions.

While reviewing this particular buyer’s feedback, Minkus noticed that, with very little effort, she was able to obtain a list of all of his previous purchases. Further probing revealed a substantial privacy loophole in the eBay marketplace, one that can expose highly sensitive purchases, such as gun accessories or at-home medical tests.

“This breach can be exploited on a scale ranging from a snooping spouse or an employer investigating an individual’s buying habits to a large-scale, automated attack that could quickly link millions of people with their purchases,” Ross said. “This is exactly the kind of information that could be very valuable to marketers, cybercriminals, or even law enforcement officials.”

Read more here on Polytechnic's Website.

Forum Timezone: America/New_York

Most Users Ever Online: 52

Currently Online:
1 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

Legitimate_Bidder: 19

NoneYa: 10

Not a Legitimate Bidder: 8

Old car guy: 3

tony1963: 1

Scam Alert: 1

Newest Members:

Craiggeows

Lastysfuts

EvgeniyAbipt

DiasmarC

Lillyvaf

cleoswank6

nangilyard

baiyu

gsjarvis

tcflyp

Forum Stats:

Groups: 1

Forums: 4

Topics: 70

Posts: 166

 

Member Stats:

Guest Posters: 24

Members: 39

Moderators: 0

Admins: 1

Administrators: Doc