The Syrian Electronic Army, a notorious hacking group, says it claimed two big-name victims Saturday: eBay and PayPal. While a hack on PayPal could put millions of peoples’ bank information at risk, the hackers said this attack was a “hacktivist operation,” and that they did not target account information. Instead, the SEA claimed it was able to replace the homepages of eBay and PayPal in France, Israel and the UK with its own logo.
Hacking group Syrian Electronic Army today breached and defaced websites belonging to PayPal UK and eBay, though each website was resolving without issue or defacement after the announcement was made. The SEA provided its evidence on Twitter, with an example of what appeared to be PayPal.co.uk’s website with a fresh deface, and a second follow-up tweet labeled “Internal Paypal communications confirming penetration.” The Twitter account used by the Syrian Electronic Army for the announcement has since been suspended. PayPal confirmed the security breach telling ZDNet via email, “PayPal’s Sr. Director of Global Initiatives notes that the problem was limited to marketing pages in the UK, France, and India redirecting, that it has been resolved, and no user data was compromised.”