The article is completely overblowing this, borderling lying. Ebay was not hacked. The BBC should be ashamed and take the article down:
EBay has been compromised so that people who clicked on some of its links were automatically diverted to a site designed to steal their credentials.
But the image caption says the truth:
A listing for an iPhone 5S contained code that resulted in users being sent to a scam site
Those are *completely* different issues. A link is not a hack! The article goes on to make up more garbage:
The article says "a security researcher" but they never say the persons name or credentials. I bet there was no researcher. It sounds more like a friend of one of the reporters saw this scam link, Googled some search terms and came-up with "XSS" then suddenly became a security researcher.