Syrian Electronic Army hackers embarrass PayPal UK by displaying anti-US message

For a short period of time this weekend, visitors to the UK versions of the PayPal and eBay websites may have seen something out of the ordinary.

Not the normal welcoming message of a world-famous online institution, but an offensive message intermingled with a binary depiction of the Syrian flag instead:

Hacked by Syrian Electronic Army!

Sign up to our free newsletter.
Security news, advice, and tips.

Long live Syria!

Fuck the United States Government

Regular readers will not be surprised at all to hear that the notorious Syrian Electronic Army (SEA) claimed responsibility for the defacement.

However, as with other hacks conducted by the group, there is no suggestion that customers’ information was exposed – or even that any servers belonging to PayPal, or its owners eBay, were compromised.

Instead, it sounds more likely that the pro-Assad hacking gang managed to redirect visitors to the sites to a third-party website under their control, perhaps by hijacking eBay and PayPal’s .co.uk DNS entries.

Anuj Nayar, PayPal’s senior director of global initiatives, got in touch with me and offered the following statement:

We were not hacked.

For under 60 minutes, a very small subset of people visiting a few marketing web pages of PayPal France, UK and India websites were being redirected. There was no access to any consumer data whatsoever and no accounts were ever in any danger of being compromised. The situation was swiftly resolved and PayPal’s service was not affected. We take the security and privacy of our customers very seriously and are conducting a forensic investigation into this situation.

The SEA posted messages and images on Twitter, claiming responsibility for the hack:

For denying Syrian citizens the ability to purchase online products, PayPal was hacked by SEA

If your PayPal account is down for a few minutes, think about Syrians who were denied online payments for more than 3 years. #SEA

Of course, anyone who visited the websites during this episode should breathe a sigh of relief that the apparent hijacking was not done by someone more malicious with the intention of spreading, say, a drive-by malware download.

The Syrian Electronic Army’s Twitter account has since been suspended, but no doubt they will be back with a new one soon…

Update: Twitter user Ashar Javed shared with me an image of the certificate error displayed when users attempts to reach paypal.co.uk.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.