Is your website still standing after 5 November? According to reports, the websites of PayPal, Symantec, NBC, and more came under fire, with hacker collective Anonymous thought to be the likeliest culprit after it promised attacks on Guy Fawkes day. But there are conflicting reports about who actually perpetrated the hacks.
After Alan Moore's graphic novel, V for Vendetta, turned Gunpowder Plot participant Fawkes into an anti-hero, 5 November now typically brings with it a number of high-profile hacks, and several Anonymous-related Twitter feeds claimed responsibility for some of yesterday's breaches.
"Paypal hacked by Anonymous as part of our November 5th protest," said one of the updates, with the tweets including a link to privatepaste.com, which reportedly included the private details of 28,000 PayPal users. At this point, however, that link is dead.
Anuj Nayarm, PayPal's head of PR, tweeted that the company is investigating, but has thus far "been unable to find any evidence that validates this claim."
Later, the official PayPal Twitter account tweeted: "Please know @paypal was not attacked by #Anonymous."
A spokesman further clarified via email that "it appears that the exploit was not directed at PayPal after all, it was directed at a company called ZPanel," he said. "The original story that started this and was retweeted by some of the Anonymous Twitter handles has now been updated."
Anonymous and PayPal have tangled before. In the wake of payment services like PayPal, Visa, and MasterCard withdrawing their support for Wikileaks, Anonymous organised a distributed denial of service attack (DDoS) against all three firms. The attacks led to temporary outages or website slowdowns, but did not do significant damage.
Hackers are also reportedly targeting Symantec. Security Week reported that hackers dumped database and marketing details from the security firm via a zine that also went after image hosting site ImageShack.
"Symantec is investigating the recent claims made online regarding the security of our networks. We have found no evidence that customer information was exposed or impacted," a Symantec spokeswoman said. "We will continue to monitor the situation and aggressively investigate these and any related claims. Beyond that, we have no additional information to share and are not going to speculate on any further elements of the story."
According to the Twitter account @doxbin, the Symantec hack was not carried out by Anonymous, but by a group known as Hack the Planet (HTP). "Anon didn't do Symantec. HTP is not affiliated with Anonymous. Do some basic fact checking," doxbin tweeted at a reporter.
Of course, given the nature of Anonymous, anyone can actually become a member of the group simply by saying they belong.
Over the weekend, meanwhile, NBC suffered a Guy Fawkes-themed hacking attack by an individual (or group of individuals) running under the name Pyknic. Anonymous denied any involvement with that attack, too.