eBay and PayPal UK domains hacked by Syrian Electronic Army

UPDATED. In its ongoing firestorm of breaches and defacements, the Syrian Electronic Army penetrated websites belonging to PayPal UK and eBay and provided visual examples on its Twitter feed.
Written by Violet Blue, Contributor

Hacking group Syrian Electronic Army today breached and defaced websites belonging to PayPal UK and eBay, though each website was resolving without issue or defacement after the announcement was made.

SEA PayPal Ebay hack

The SEA provided its evidence on Twitter, with an example of what appeared to be PayPal.co.uk's website with a fresh deface, and a second follow-up tweet labeled "Internal Paypal communications confirming penetration."

The Twitter account used by the Syrian Electronic Army for the announcement has since been suspended.

PayPal confirmed the security breach telling ZDNet via email, "PayPal's Sr. Director of Global Initiatives notes that the problem was limited to marketing pages in the UK, France, and India redirecting, that it has been resolved, and no user data was compromised."

PayPal did not provide an explanation regarding the display of its paypal.co.uk URL in the evidence of the hack as provided by the Syrian Electronic Army.

Nor did PayPal address the eBay UK forum members who tried to visit eBay.co.uk and experienced what they described as an hour-long outage of eBay's primary UK website from a Syrian Electronic Army attack.



The defacement purported to be on PayPal.co.uk read, "Hacked by the Syrian Electronic Army. Long live Syria. F*ck the United States government."

Syrian PayPal eBay hacked


The Syrian Electronic Army Twitter account directly addressed the concerns of PayPal users that the attack was political and not intended for theft saying, "Rest assured, this was purely a hacktivist operation, no user accounts or data were touched."

It tweeted saying, "For denying Syrian citizens the ability to purchase online products, Paypal was hacked by the #SEA."

Syrian Electronic Army PayPal


The focus was on PayPal's UK site.

PayPal UK offers a donation page for Syrian relief efforts, but the country is not on its page of supported countries.

PayPal does not support use of its services in Syria -- this also affects eBay buyers -- and it is widely considered that Syria is held on a blacklist of omission that includes dozes of other countries including Afghanistan, Haiti, American Samoa, Cuba, Pakistan, Libya, Sudan and many more.

It is unclear how the attack occurred. The SEA told Hackread,

Paypal used a large amount of authentication and verification protocols so the attack required a lot more advanced techniques.

For those living in any of PayPal's blacklisted countries, making simple online transactions is very hard and PayPal's blacklist makes it nearly impossible to enter into the most basic forms of online business. 

Editorial standards