It could be either or both. Although to be honest, for a high profile site such as eBay, its very unlikely to be the latter since they no doubt get everything including the kitchen sink thrown at their infrastructure by mischievous individuals every single day.

The fact of the matter is that exploits come thick and fast as innovative new techniques emerge from ever creative minds. Once your infrastructure grows to the size of eBay it all becomes one big game of cat and mouse... because updates take so long to roll out - both due to the testing process in staging before rolling out to production, as well as the sheer number of assets across your estate that need to be updated.