eBay and PayPal victim of DNS hijack attack

No primary category set

Last weekend, eBay and PayPal UK were the victim of a DNS hijack. This is where a visitor to a website is redirected to another location whilst surfing the web.

In the case of the eBay and PayPal hijack, it was the work off the Syrian Electronic Army and visitors were redirected to a page that included a fruity message for the United States Government. You can find the message and lots of more technical details of the attack here

A PayPal spokesperson said: “We were not hacked. For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected. There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.”

Whilst it seems fairly harmless, it’s a worrying situation that eBay/PayPal could be a victim of this sort of attack. Indeed, as some pundits online have noted, it could have been much worse if the hijackers had a more malicious purpose in mind.

One Response

  1. I saw eBay pages last night that certainly were not hacked by the SEA. Whilst browsing for mobiles I came across a couple of items that used item-images of women in revealing clothing. Naturally I clicked to see the full listing and within a second the page forwarded me to a fairly legit looking eBay log in page from a Russian domain; a fairly obvious phishing attempt.

    This feels like the kind of hack I’d see in the 90s, others would perhaps not have chosen to look at the domain name and would have simply re-entered their log in details at which point their accounts would then be compromised.

    This appeared to be a hack via code injected into the body of the listing as opposed to a more complicated DNS attack. I have no idea how eBay could have let this happened in this day and age.

    The page has now been removed but I’m curious as to whether other people saw this last night.

RELATED POSTS..

Wahaaj Shabbir - From sneakerhead to Head of Sneakers at eBay UK

Wahaaj Shabbir – From sneakerhead to Head of Sneakers at eBay UK

eBay UK returns as Love Island sponsor to promote pre-loved fashion

eBay UK returns as Love Island sponsor to promote pre-loved fashion

eBay Roadshow Belfast - 13th June

eBay Roadshow Belfast – 13th June

eBay's new resell button transforms recommerce experience

eBay’s new resell button transforms recommerce experience

eBay & Small Business Britain Webinar: From Side Hustle to Main Hustle

eBay & Small Business Britain Webinar: From Side Hustle to Main Hustle

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Latest

Take a look through a selection of the latest articles on ChannelX

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars