14 DAY TRIAL // eBay developer accounts may have been compromised by an unknown security flaw. On August 10, 2009, in an announcement from Kumar Kandaswamy, manager of the eBay Developer Program, the e-commerce giant revealed that a dangerous security flaw had been discovered in the Developer Program.
According to Mr. Kandaswamy, no sensitive financial information was stolen and no attack was registered, this flaw being discovered internally after several tests and investigations. The eBay representative said that “This type of access DOES NOT allow the capture of financial or other sensitive information, such as credit card or bank account information or Social Security numbers. Fortunately, we have not detected any unusual activity with any Developer account.”
Because eBay security experts couldn't determine whether someone had already used this vulnerability to access the eBay servers and gain account information, they've urged developers to change account passwords as soon as possible to avoid any kind of unpleasant situations.
The following instructions were issued by eBay, “Take advantage of our new, stricter password standards and change your eBay Developers Program (developer.ebay.com) passwords. It is not necessary to change eBay (www.ebay.com) passwords.”
Meanwhile, the security flaw has been patched and everything returned to normal. If a security breach is detected by developers, the following instructions are to be followed, as eBay's announcement states, “If you believe you or your customers have been the victim of fraudulent activity, contact us immediately at [email protected].”
The eBay Developer Program is an important resource in eBay's services, in this program, developers learning the eBay API to build and deploy different eBay-based widgets and web services.
eBay's actions and security inspections come as a natural, after several cases in recent years when hackers roamed around eBay servers without any problems. The most famous case was that of a Romanian hacker, “Vladuz,” who ridiculed eBay on countless occasions until his capture in April 2008.