eBay and PayPal UK domains hacked by Syrian Electronic Army

Summary:UPDATED. In its ongoing firestorm of breaches and defacements, the Syrian Electronic Army penetrated websites belonging to PayPal UK and eBay and provided visual examples on its Twitter feed.

Hacking group Syrian Electronic Army today breached and defaced websites belonging to PayPal UK and eBay, though each website was resolving without issue or defacement after the announcement was made.

SEA PayPal Ebay hack

The SEA provided its evidence on Twitter, with an example of what appeared to be PayPal.co.uk's website with a fresh deface, and a second follow-up tweet labeled "Internal Paypal communications confirming penetration."

The Twitter account used by the Syrian Electronic Army for the announcement has since been suspended.

PayPal confirmed the security breach telling ZDNet via email, "PayPal's Sr. Director of Global Initiatives notes that the problem was limited to marketing pages in the UK, France, and India redirecting, that it has been resolved, and no user data was compromised."

PayPal did not provide an explanation regarding the display of its paypal.co.uk URL in the evidence of the hack as provided by the Syrian Electronic Army.

Nor did PayPal address the eBay UK forum members who tried to visit eBay.co.uk and experienced what they described as an hour-long outage of eBay's primary UK website from a Syrian Electronic Army attack.



The defacement purported to be on PayPal.co.uk read, "Hacked by the Syrian Electronic Army. Long live Syria. F*ck the United States government."

Syrian PayPal eBay hacked


The Syrian Electronic Army Twitter account directly addressed the concerns of PayPal users that the attack was political and not intended for theft saying, "Rest assured, this was purely a hacktivist operation, no user accounts or data were touched."

It tweeted saying, "For denying Syrian citizens the ability to purchase online products, Paypal was hacked by the #SEA."

Syrian Electronic Army PayPal


The focus was on PayPal's UK site.

PayPal UK offers a donation page for Syrian relief efforts, but the country is not on its page of supported countries.

PayPal does not support use of its services in Syria -- this also affects eBay buyers -- and it is widely considered that Syria is held on a blacklist of omission that includes dozes of other countries including Afghanistan, Haiti, American Samoa, Cuba, Pakistan, Libya, Sudan and many more.

It is unclear how the attack occurred. The SEA told Hackread,

Paypal used a large amount of authentication and verification protocols so the attack required a lot more advanced techniques.

For those living in any of PayPal's blacklisted countries, making simple online transactions is very hard and PayPal's blacklist makes it nearly impossible to enter into the most basic forms of online business. 

Topics: Security


Ms. Violet Blue (tinynibbles.com, @violetblue) is a freelance investigative reporter on hacking and cybercrime at Zero Day/ZDNet, CNET and CBS News, as well as a noted sex columnist. She has made regular appearances on CNN and The Oprah Winfrey Show and is regularly interviewed, quoted, and featured in a variety of publications that inclu... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.