eBay and PayPal victim of DNS hijack attack

No primary category set

Last weekend, eBay and PayPal UK were the victim of a DNS hijack. This is where a visitor to a website is redirected to another location whilst surfing the web.

In the case of the eBay and PayPal hijack, it was the work off the Syrian Electronic Army and visitors were redirected to a page that included a fruity message for the United States Government. You can find the message and lots of more technical details of the attack here

A PayPal spokesperson said: “We were not hacked. For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected. There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.”

Whilst it seems fairly harmless, it’s a worrying situation that eBay/PayPal could be a victim of this sort of attack. Indeed, as some pundits online have noted, it could have been much worse if the hijackers had a more malicious purpose in mind.

One Response

  1. I saw eBay pages last night that certainly were not hacked by the SEA. Whilst browsing for mobiles I came across a couple of items that used item-images of women in revealing clothing. Naturally I clicked to see the full listing and within a second the page forwarded me to a fairly legit looking eBay log in page from a Russian domain; a fairly obvious phishing attempt.

    This feels like the kind of hack I’d see in the 90s, others would perhaps not have chosen to look at the domain name and would have simply re-entered their log in details at which point their accounts would then be compromised.

    This appeared to be a hack via code injected into the body of the listing as opposed to a more complicated DNS attack. I have no idea how eBay could have let this happened in this day and age.

    The page has now been removed but I’m curious as to whether other people saw this last night.

RELATED POSTS..

New eBay conditions for pre-loved clothing

eBay delay new item condition pre-loved clothing listings

New eBay downloadable VAT invoices for sellers

New eBay downloadable VAT invoices for sellers

eBay Seller MeetUp in London | 28th February

eBay Seller MeetUp London | 28th February

eBay UK Buyer Fees insights from Q3 Investor Call Final Value Fees

eBay.com final value fees increase 0.35%

eBay Simple Delivery pricing change for Private Sellers

eBay Simple Delivery pricing change for Private Sellers

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars