Skip to main content

PayPal and eBay hacked by Syrian Electronic Army

The Syrian Electronic Army (SEA) has once again claimed responsibility for a series of cyber-attacks on major firms, in order to spread its anti-US government message.

A number of eBay and PayPal users in Europe and India were greeted by messages criticising the two firms for denying online payments to Syrian customers for several years.

"If your Paypal account is down for a few minutes, think about Syrians who were denied online payments for more than [three] years," the group posted on its Twitter account.

The attack took place over the weekend but screenshots of the web pages affected that were tweeted by the group and retweeted by its followers have since disappeared.

The Twitter account affiliated with the SEA that posted the images and took credit for the attack, @Official_SEA16, has also since been suspended.

"For a brief period yesterday, a very limited number of people visiting certain Paypal and eBay marketing pages in the UK, France and India were redirected. The issue was quickly detected and resolved," said a spokesperson for eBay.

"No customer data was accessed by these redirects, and no customer accounts were affected. We take the security and privacy of our customers very seriously and are actively investigating the reasons behind the temporary redirects."

It was the latest in a string of attacks targeting high profile organisations by the group. Most recently, US broadcaster CNN fell victim to the SEA when several of its blogs and social media accounts were compromised.

Rick Ferguson, vice president of security research at Trend Micro, previously explained to ITProPortal his understanding of how such attacks from the SEA took place.

"Key individuals in the target enterprise would have received well-crafted and convincing emails, either with a malicious file attached, or containing a credible-looking link," Ferguson said.

"Once compromised through either infection or phishing, then the account usernames and passwords would be available to the attacker, allowing further malicious activity."