Hacking group Syrian Electronic Army today breached and defaced websites belonging to PayPal UK and eBay, though each website was resolving without issue or defacement after the announcement was made.
The SEA provided its evidence on Twitter, with an example of what appeared to be PayPal.co.uk's website with a fresh deface, and a second follow-up tweet labeled "Internal Paypal communications confirming penetration."
The Twitter account used by the Syrian Electronic Army for the announcement has since been suspended.
PayPal confirmed the security breach telling ZDNet via email, "PayPal's Sr. Director of Global Initiatives notes that the problem was limited to marketing pages in the UK, France, and India redirecting, that it has been resolved, and no user data was compromised."
PayPal did not provide an explanation regarding the display of its paypal.co.uk URL in the evidence of the hack as provided by the Syrian Electronic Army.
Nor did PayPal address the eBay UK forum members who tried to visit eBay.co.uk and experienced what they described as an hour-long outage of eBay's primary UK website from a Syrian Electronic Army attack.
Internal Paypal communications confirming penetration. #SEA pic.twitter.com/GT1ZWqO9dA— SyrianElectronicArmy (@Official_SEA16) February 1, 2014
The defacement purported to be on PayPal.co.uk read, "Hacked by the Syrian Electronic Army. Long live Syria. F*ck the United States government."
The Syrian Electronic Army Twitter account directly addressed the concerns of PayPal users that the attack was political and not intended for theft saying, "Rest assured, this was purely a hacktivist operation, no user accounts or data were touched."
It tweeted saying, "For denying Syrian citizens the ability to purchase online products, Paypal was hacked by the #SEA."
The focus was on PayPal's UK site.
PayPal UK offers a donation page for Syrian relief efforts, but the country is not on its page of supported countries.
PayPal does not support use of its services in Syria -- this also affects eBay buyers -- and it is widely considered that Syria is held on a blacklist of omission that includes dozes of other countries including Afghanistan, Haiti, American Samoa, Cuba, Pakistan, Libya, Sudan and many more.
It is unclear how the attack occurred. The SEA told Hackread,
Paypal used a large amount of authentication and verification protocols so the attack required a lot more advanced techniques.
For those living in any of PayPal's blacklisted countries, making simple online transactions is very hard and PayPal's blacklist makes it nearly impossible to enter into the most basic forms of online business.