EBay Requires Developers to Change Their Account Passwords

Members of the eBay Developers Program must change their account passwords because the e-commerce company recently discovered a way in which account information could be accessed by malicious hackers.

This requirement comes "out of an abundance of caution" on the part of eBay, which hasn't detected any suspicious activity in developer accounts, the company said Monday evening in a blog post.

"This type of access does not allow the capture of financial or other sensitive information, such as credit card or bank account information or Social Security numbers," wrote Kumar Kandaswamy, head of eBay's developer program and platform product.

In the brief blog post, eBay doesn't say when it discovered this security vulnerability, nor in what it consists of, so it's not clear if the problem lies with eBay back-end systems or if it involves a concerted, external phishing attack.

It's also not clear what type of account information is vulnerable to fraudsters, nor why eBay is only requiring developers to change their passwords as a defensive measure.

The security warning comes as eBay gets closer to launch the new version of Selling Manager, the set of eBay tools used by thousands of merchants which will soon feature for the first time applications from external developers.

In April, eBay opened Selling Manager broadly as a platform to all interested external developers, with the plan to make the applications available to merchants at some point this summer.

EBay has about 87,000 external application developers and about 700,000 merchants.

EBay didn't immediately respond to a request for comment.

Subscribe to the Security Watch Newsletter

Comments