The British website of online retailer eBay was compromised through a cross-site scripting (XSS) vulnerability, exploited to steal customersâ€™ login credentials, according to the BBC.
The incident was first reported by Paul Kerr, an IT worker from Scotland who contacted eBay and was told that the matter would be considered â€œof the highest level of securityâ€.
However, the company was criticized for its 12-hour response time in fixing the issue.
“eBay is a large company and it should have a 24/7 response team to deal with this – and this case is unambiguously bad,” said Steven Murdoch from University College London’s Information Security Research Group.
In a statement, the retailer said the issue only affected one item listed on the UK site, information questioned by the BBC.
â€œThis report relates only to a â€˜single item listingâ€™ on eBay.co.uk whereby the user has included a link which redirects users away from the listing page,â€ a spokesperson said. â€œWe take the safety of our marketplace very seriously and are removing the listing as it is in violation of our policy on third-party links.â€