eBay and PayPal victim of DNS hijack attack

Last weekend, eBay and PayPal UK were the victim of a DNS hijack. This is where a visitor to a website is redirected to another location whilst surfing the web.

In the case of the eBay and PayPal hijack, it was the work off the Syrian Electronic Army and visitors were redirected to a page that included a fruity message for the United States Government. You can find the message and lots of more technical details of the attack here

A PayPal spokesperson said: “We were not hacked. For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected. There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.”

Whilst it seems fairly harmless, it’s a worrying situation that eBay/PayPal could be a victim of this sort of attack. Indeed, as some pundits online have noted, it could have been much worse if the hijackers had a more malicious purpose in mind.