Flaw in eBay lets your spouse know what you are buying


by CBR Staff Writer | 21 July 2014

Researchers uncovered the sales records for more than 228,332 individuals, of whom 35,268 could be linked directly to Facebook.

Researchers at New York University (NYU) have found a major security flaw in eBay that can expose the purchase history of a buyer to any site visitor.

According to the paper, titled "I Know What You're Buying: Privacy Breaches on eBay", the purchase history of the buyer can include sensitive products like at-home medical tests for HIV or pregnancy and items including gun accessories.

eBay has a public section named "Feedback as a Buyer", where a seller can post a comment about the buyer.

According to the research, 70% of sellers give feedback for buyers, and the researchers claimed that a user does not need to register their name in order to see the section, which is entirely public.

The researchers also added that by going to a seller's feedback page, one can match the time stamp of the sale and identify the purchased item.

NYU Shanghai's Dean of Engineering and Computer, Keith Ross, said: "This breach can be exploited on a scale ranging from a snooping spouse or an employer investigating an individual's buying habits to a large-scale, automated attack that could quickly link millions of people with their purchases.

"This is exactly the kind of information that could be very valuable to marketers, cybercriminals, or even law enforcement officials."

Tehila Minkus, co-author of the study, said: "This privacy loophole can provide leads for law enforcement or private investigators looking for unregistered gun owners, but it can also give private information to background-check providers or data aggregators who want to include gun ownership in their records."

The researchers recommended that eBay users use two separate accounts: a public account for selling goods and a private account for purchasing.
