The Syrian Electronic Army has been at it again, with eBay and PayPal its latest victims. The compromise appears to have allowed doctoring of some local webpages, and no personal or financial data is thought to have been breached.
The hack on the online auction and payments giants comes hot on the heels of social media takeovers at CNN and Microsoft, but this incident seems a little different from the SEA’s usual diet of social media account hijacks.
SEA tweets claiming successful hijacks of the homepages of both eBay and PayPal in the UK, France and Israel were sent from the latest iteration of their official Twitter account, which was suspended by the time of writing.
They included screenshots of defaced homepages intended to back up their claims, as well as images of domain management portals and internal emails.
However, statements made by a PayPal spokesman to Mashable and ZDNet insist “the problem was limited to marketing pages in the UK, France, and India” and that only “a very limited number of people” were affected, confirming that customer data was not at risk.
The SEA’s motive for the attack appears to be the unavailability of eBay and PayPal services in Syria.
Unlike their standard fare of phished Twitter logins, this breach appears a little more technical in nature, with SEA telling Hackread it “required a lot more advanced techniques”.
PayPal and eBay join a lengthy list of big-name brands suffering at the hands of the SEA, which seems to mainly focus on news outlets.
CNN, the New York Times, the Washington Post, the Financial Times, the Guardian, the BBC, NPR, Reuters and the Onion have all been targeted in the past, as have other online service providers including Twitter, Skype and Viber.
No official statements had been posted by either eBay or PayPal at the time of writing, but PayPal has already had to break out the old “we take your security seriously” line this week, in response to claims they provided data to phishers as part of a complex scheme to steal a rare Twitter handle.
PayPal is wholly owned by eBay, but this latest cross-brand incident may add some fuel to the latest suggestions that the two should part company.
With eBay and PayPal users in the affected regions only suffering brief outages, users of video streaming site Vimeo have had to endure slightly longer downtime after a series of DDoS attacks knocked services offline several times in the last few days.
It seems like reliability and availability remain hard to maintain, despite their ever-increasing importance in the modern always-online world.