John Leyden reports:
A serious vulnerability that potentially allowed shoplifters to empty eBay ProStores shops and swipe customer credit cards has been fixed – according to the security researcher who says he found the hole.
Mark Litchfield, an infosec pro at Securatary, told us he discovered a flaw in eBay-owned ProStores that not only opened the door to store account hijackers, but also leaked “full access to all their customers PII [Personally identifiable information] as well as their full credit information in clear text.”
Read more on The Register.
Why was full credit information in clear text? Paging the FTC to Aisle 4….