After being informed by a Canadian Security expert, Ebay quickly moved to close a "very serious" security hole in its software by disabling the change password option.
The security hole could allow anyone to change any Ebay user's password just by knowing the Ebay account ID number-- a number easily obtainable by clicking on a user's profile. Security experts claim it is startling that Ebay let such a risk exist.
This is the latest security breach in Ebay's account management. Earlier last week Ebay reported that hackers were compromising Ebay accounts using brute force attacks. Ebay is hoping to have a security patch available in four to six weeks.
