Syrian Electronic Army strikes again! PayPal and eBay come under attack
There have been a lot of website compromises in 2014 despite the fact we're only just into February. Now it looks as though the Syrian Electronic Army is at it again. This time it is eBay and PayPal who found themselves in the crosshairs, as some users discovered that they were redirected to sites that announced the hack, praised Syria and chided the US government.
It might seem obvious that the Syrian Electronic Amy was behind the attack, but in case there was any doubt, the group used their Twitter feed to claim responsibility.
The message on the sites read "Hacked by Syrian Electronic Army! Long live Syria! Fuck the United States Government", although it was slightly hard to read what with being hidden behind a Syrian flag comprising red and white zeroes and ones. It seems as though the attack was short-lived, and PayPal claims that aside from the inconvenience of not being able to access their account, users were not placed at any risk.
Talking to security analyst Graham Cluley, PayPal issued a statement:
We were not hacked. For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected. There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.
At time of writing, the Syrian Electronic Army's Twitter account has been suspended, but it will probably not be long before it reappears in one guise or another. It is not clear why the SEA chose PayPal and eBay in particular -- it may just be a matter of both being high profile sites which will gain greater coverage.
Were you affected by the hack? Does it worry you that so many big-name sites are falling victim to one form of attack or another in recent weeks?