Ebay was aware of security hole for months, claims security expert

He noted that the online auction company had been aware of the problem since February but apparently: “had not got proper control of the situation” - a situation Cluley said was “embarrassing for them”.

In response to our query a spokesperson for the online marketplace, commented: “Cross-site scripting, carried out by malicious individuals, is an issue affecting sites across the Internet.

"This is not a new type of vulnerability on sites such as Ebay and is related to how sellers use active content like JavaScript and Flash on our site. Many of our sellers use active content like JavaScript and Flash to make their Ebay listings perform better.”

Asked what Ebay could do to rectify the problem Cluley said that he did not see the need for users to be able to add flash and JavaScript to their ads just to “pimp up their listings,” and added that from a security point of view, “you don’t need dancing penguins to sell a product”.

However, an Ebay spokesperson told The Drum: “We have no current plans to remove active content from Ebay. However, we will continue to review all site features and content in the context of the benefit they bring our customers as well as overall site security.”

The statement continued: “We have hundreds of engineers, security and fraud specialists working around the clock to detect and take action against security issues, including cross site scripting links,” and urged users who detected phishing issues to report them to the site's administrators.

Ebay has experienced technical difficulties with its website this month, leaving many users unable to log-in.