An Egyptian security researcher ” informed about this vulnerability 4 months ago, which could be used by the cyber criminals in the targeted attacks. The only thing you required is the login email ID or username of the victim you want to hack. The company has already patched the vulnerability after Yasser responsibly disclosed the flaw to the eBay security team. But, this 4 months delay in delivering the patch could have compromised millions of eBay users’ accounts in a targeted attack, even if you had changed your password after the data breach.
Source: https://thehackernews.com/2014/09/hacking-ebay-accounts.html