ebay hacked | Breaking Cybersecurity News | The Hacker News

It's not been more than 36 hours since eBay revealed it was hacked and we just come to know about three more critical vulnerabilities in eBay website that could allow an attacker to compromise users' account once again, even if you have already reset your account password after the last announcement. Yesterday eBay admitted to the massive data breach that affected 145 million registered users worldwide after its database was compromised. eBay urged its 145 million users to change their passwords after the cyber attack, but are passwords enough? eBay Data breach happened mainly because of their vulnerable infrastructure, not weak passwords. I think eBay's morning just going to be bad to worse as today, three Security researchers came forward with three more different types of critical flaws in eBay website that leave its 145 million users vulnerable to hackers. HACKER UPLOADED SHELL ON eBAY SERVER (UNPATCHED) A critical security flaw in the eBay website for i

If you have an eBay Account then you should change your password immediately, because the World's biggest E-commerce company with 128 million active users announced today in a press release that it had been Hacked. eBay revealed that attackers compromised customers' database including emails, physical addresses, encrypted passwords and dates of birth, in a hacking attack between late February and early March, but financial information like credit card numbers, as well as PayPal information were stored separately and were not compromised. ' After conducting extensive tests on its networks ,' They also said they've found no evidence of unauthorized access or activity by registered eBay users, but as precaution, eBay is resetting everyone's passwords that ' will help enhance security for eBay users. ' Why did eBay wait so long to tell everyone? because just two weeks ago they discovered data breach . They conducted a forensic investigation of its compu

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or