Daily Deals

Security Researchers

eBay Customers

The form on this page is sent to a team that supports professional security researchers. The Security Research team does not have access to customer information or the ability to resolve customer issues. If you are not a professional security researcher, please use the following contacts to avoid delay with resolving your issue:

Resolve an issue with a buyer or seller: If you've already attempted to contact the member but were unable to resolve the problem, you can open a case at the resolution center: http://resolutioncenter.ebay.com/
Report a fake (spoof) email: http://pages.ebay.com/help/account/questions/report-spoof-email.html
Report an account theft: http://pages.ebay.com/help/account/securing-account.html
Report a fraudulent listing: At the bottom of every listing you will find a link saying "Report this item". That takes you to a form you need to fill in to tell us why you are reporting. This includes counterfeit or stolen items, or other suspected fraud.
eBay Motors related issue or questions: http://pages.motors.ebay.com/buy/security/index.html
PayPal related issue: https://www.paypal.com/us/contactus
Other issues not mentioned above, including password issues, issues logging in, or problems with the site, contact Customer Support: http://ocs.ebay.com/ws/eBayISAPI.dll?CustomerSupport.
Note: If you're having issues with logging in, you can always contact Customer Support using the "guest" option.

Professional Security Researchers

Our team of dedicated security professionals works vigilantly to keep customer information secure. We recognize the important role that security researchers and our community play in keeping eBay and our customers secure. If you discover a site or product vulnerability, please notify us using the guidelines below.

To encourage responsible disclosure, we commit that - if we conclude that a disclosure respects and meets all the guidelines outlined below - we will not bring a private action or refer a matter for public inquiry.

Guidelines for responsible disclosure

Share the security issue with us before making it public on message boards, mailing lists, and other forums.
We request that you wait until notified that the vulnerability has been resolved before disclosing it to others. We take the security of our customers very seriously, however some vulnerabilities take longer than others to resolve. There are several teams involved in working on these vulnerabilities depending on which site has the vulnerability and what function is being exploited.
Provide full details of the security issue, including Proof-of-Concept URL and the details of the system where the tests were conducted.

Do not engage in security research that involves:

Potential or actual damage to eBay users or systems or applications.

Use of an exploit

to view data without authorization

that involves the corruption of data.

Requests of compensation for the reporting of security issues either to eBay, or through any external marketplace for vulnerabilities, whether black-market or otherwise.

**FOR SECURITY RESEARCHER USE ONLY**

Information to gather prior to completing the reporting form:
Before submitting your report, please refer to the information we need to process a ticket. Tickets without complete information slow down our ability to repair the vulnerability and might not be processed until we receive the requested information.

Proof-of-Concept URL and the information of affected parameter
Detailed steps of reproducing the vulnerability
URL to screenshots to show Proof-of-Concept
Details of the system where the tests were conducted

Please note: Researchers who are the first to report a vulnerability with complete information will be the researcher acknowledged on our acknowledgment page once the vulnerability is repaired. If there are additional team members involved in researching the vulnerability you are reporting, please provide their name(s)and what their contribution was to the findings when submitting this report.

Enter your email address:

Enter your name:

Please provide details of the security bug

characters left. No HTML, JavaScript.

Acknowledgements

We thank all for their contributions, but from time to time, we will want to publically acknowledge and thank members of our researcher community on our Responsible Disclosure Acknowledgement Page (and elsewhere) for their contributions. We will contact you once the vulnerability you've reported has been resolved to ask you whether you would like your name to be displayed on this page.

About eBay Community Announcements Security Center Buyer Tools Policies Stores eBay Wish list Site Map eBay official time Preview new features Tell us what you think
Copyright © 1995-2013 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. Use of this Web site constitutes acceptance of the eBay User Agreement and Privacy Policy.