Businesses relying on PayPal for their e-commerce operations should take heed after a potential breach is claimed.
Update: PayPal has responded to the alleged breach by saying an internal investigation finds no evidence to support Anoymous’ claim of stolen passwords. Other reports on the Web now indicate a different payment provider may have been targeted, and PayPal was not a target.
Every Nov. 5, Guy Fawkes day commemorates a vigilante’s failed plan to blow up England’s parliament, but this year hacker group Anonymous is using it as an excuse to go on a cyber-assault against some top Web brands.
Last night, the @AnonymousPress Twitter account claimed to have released 28,000 customer account passwords for PayPal. The widely used online payment method is relied upon by many businesses to complete financial transactions for their e-commerce sites and a potential breach could threaten to disrupt that.
But the link posted by Anonymous now seems to lead to a dead end, so if there was a breach to any accounts, the exposure may have been minimal. Blog Ubergizmo reports that PayPal’s team is looking into the situation. No official notice has been posted to the company’s blog or press release section of the Web site.
PayPal offers an online Security Center where its customers can report fraudulent use of their accounts and other security concerns such as phishing e-mails or Web sites. It also offers an online security guide that has good tips that businesses using its service should always keep in mind, possible breach or not:
- - Always access your account by opening a new browser and typing in the entire URL (www.paypal.com) so that you won’t accidentally click on a phishing link in an e-mail or on social media.
- - Never share your PayPal account information in an e-mail. Send suspicious e-mails that appear to be from PayPal to email@example.com.
- - PayPal will not e-mail you an attachment to download from an e-mail. So don’t download any attachments that appear to come from PayPal, as it’s likely malware.
- - Use a strong, unique password and change it every 30 days.
Anonymous has also threatened attacks against Zynga and Facebook today. Last year, a similar threat was made against Facebook with no outcome. But the group has followed through on bringing down Web sites in the past after making threats.
ITBusiness.ca has requested comment from PayPal Canada about the potential breach and we’ll update this item when we receive more information.