The Syrian Electronic Army’s latest targets are the websites of PayPal and eBay. The sites from the UK, France and India have displayed a Syrian flag and the message “Hacked by the Syrian Electronic Army. Long live Syria. [Expletive] the United States government.”
PayPal’s Senior Director of Global Initiatives Anuj Nayar has told Graham Cluley that the company’s systems have not been hacked.
“For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected,” Nayar said.
“There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.”
The Syrian Electronic Army has confirmed on Twitter that it wasn’t their intention to do any damage.
“Rest assured, this was purely a hacktivist operation, no user accounts or data were touched,” they said. “If your PayPal account is down for a few minutes, think about Syrians who were denied online payments for more than 3 years.”
The hacktivists have told HackRead that they’ve gained access to PayPal’s MarkMonitor account. A screenshot leaked by the SEA shows an internal PayPal email in which one employee says “someone has remote access to email via compromised laptop.”
It’s also worth noting that Twitter has suspended the Syrian Electronic Army’s account Official_SEA16. However, the hackers are used to having their accounts deleted, so they’ll probably just create a new one.
At the time of writing, the impacted eBay and PayPal sites appear to be working properly.