Anonymous Did Not Hack PayPal

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://bits.blogs.nytimes.com/2012/11/05/no-anonymous-did-not-hack-paypal/

No, Anonymous did not hack PayPal on Monday. It says it did:

Paypal hacked by Anonymous as part of our November 5th protest
privatepaste.com/e8d3b2b2b1 #5Nov

— Anonymous Press (@AnonymousPress) November 5, 2012

Members of the loose hacking collective claimed credit for dumping
28,000 passwords online that they said belonged to PayPal customers.
They said the  attack was part of a much larger hacking campaign,
involving PayPal, Symantec, several Australian government sites and
more, that was timed to Guy Fawkes Day, the British holiday
commemorating a failed 17th-century plot to blow up British
Parliament. Anonymous usurped Guy Fawkes as their brand and is often
seen protesting in Guy Fawkes masks ever since the release of the 2006
film “V for Vendetta,” which featured a Guy Fawkes-inspired
protagonist.
Although Anonymous’s claims went viral on Twitter and were picked up
by several media outlets, it appears the attack on PayPal never
happened. The 28,000 passwords actually belonged to ZPanel, a free
open source hosting site. Anuj Nayar, a PayPal spokesman, said the
payments company had been investigating the attack since Sunday night
and concluded that there was no evidence any of its data had been
breached.

A hacker who goes by the handle HTP on Twitter took credit for a
breach on Symantec and released what HTP claimed were the passwords of
Symantec employees on the Web site Pastebin. A number of media outlets
attributed that attack to Anonymous, but the hackers denied any
affiliation with the group. Mike Bradshaw, a Symantec spokesman, said
that the company was still investigating the breach but that there was
no evidence that any customer data had been compromised. Mr. Bradshaw
did not clarify whether employee data had been compromised.

On Sunday night, a few other Web sites, including the home page for
NBC and a Lady Gaga fan site were defaced. A group called “pyknic”
claimed credit for the vandalism and made reference to Guy Fawkes Day,
writing “Remember, remember the fifth of November,” suggesting a tie
to Anonymous. Several media outlets attributed the attack to the group
but again, the connection proved tenuous. The main accounts associated
with the Anonymous collective did not claim credit for the attacks on
Twitter.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.