eBay and PayPal victim of DNS hijack attack

No primary category set
by Dan Wilson

Last weekend, eBay and PayPal UK were the victim of a DNS hijack. This is where a visitor to a website is redirected to another location whilst surfing the web.

In the case of the eBay and PayPal hijack, it was the work off the Syrian Electronic Army and visitors were redirected to a page that included a fruity message for the United States Government. You can find the message and lots of more technical details of the attack here

A PayPal spokesperson said: “We were not hacked. For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected. There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.”

Whilst it seems fairly harmless, it’s a worrying situation that eBay/PayPal could be a victim of this sort of attack. Indeed, as some pundits online have noted, it could have been much worse if the hijackers had a more malicious purpose in mind.

One Response

  1. I saw eBay pages last night that certainly were not hacked by the SEA. Whilst browsing for mobiles I came across a couple of items that used item-images of women in revealing clothing. Naturally I clicked to see the full listing and within a second the page forwarded me to a fairly legit looking eBay log in page from a Russian domain; a fairly obvious phishing attempt.

    This feels like the kind of hack I’d see in the 90s, others would perhaps not have chosen to look at the domain name and would have simply re-entered their log in details at which point their accounts would then be compromised.

    This appeared to be a hack via code injected into the body of the listing as opposed to a more complicated DNS attack. I have no idea how eBay could have let this happened in this day and age.

    The page has now been removed but I’m curious as to whether other people saw this last night.

RELATED POSTS..

eBay Live UK to launch with Katherine Ryan and Amy Bannerman

eBay Live UK to launch with Katherine Ryan and Amy Bannerman

  • 24 Apr
  • 0
Deep dive into eBay Offsite Ads with Anthony Okoro

Deep dive into eBay Offsite Ads with Anthony Okoro

  • 16 Apr
  • 0
eBay Marketplace - Exploring Business Growth Opportunity

eBay Marketplace – Exploring Business Growth Opportunity

  • 15 Apr
  • 0
eBay generative AI-powered Shop the Look

eBay generative AI-powered Shop the Look

  • 11 Apr
  • 0
eBay acquire Goldin, sell eBay Vault

eBay acquire Goldin, sell eBay Vault

  • 11 Apr
  • 0

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Latest

Take a look through a selection of the latest articles on ChannelX

Read more

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars
Register

ChannelX is the leading provider of intelligence & news for all businesses and business people who ply their trade on online marketplaces.

ChannelX is published by InternetRetailing Media Services Ltd on its behalf.
Tel: +44 (0) 207 062 25 25
Email: [email protected]

Youtube Linkedin Facebook Twitter