Hacktivist group the Syrian Electronic Army claims to have been responsible for defacing the homepages of eBay and PayPal in France, Israel and the UK with its groups logo, but denies targeting any customer account data.
“We didn’t do it to hack people accounts,” SEA member Th3 Pr0 told the publication Mashable.
Representatives for the group said they had compromised eBay’s domain manager and were able to shut down the website and redirect visitors to another server and display the group’s logo on the eBay and PayPal homepages for about half an hour.
“For a brief period today, a very limited number of people visiting certain PayPal and eBay marketing pages in the UK, France and India were redirected,” confirmed PayPal’s senior director of global initiatives Anuj Nayar.
“The issue was quickly detected and resolved. No customer data was accessed by these redirects, and no customer accounts were affected. We take the security and privacy of our customers very seriously and are actively investigating the reasons behind the temporary redirects.”
Prior to PayPal’s confirmation, the SEA had provided screenshots that were asserted to show server control panels for eBay and PayPal websites in France maintained by online brand-protection provider MarkMonitor, which said they take “security very seriously” but declined to comment on the attack specifically.
Th3 Pr0 did not disclose how the SEA succeeded in the attack, but they are known for using spear-phishing and other social engineering techniques from previous attacks.
“PayPal used a large amount of authentication and verification protocols, so the attack required a lot more advanced techniques,” Th3 Pr0 said.
Read More Here…