OpVendetta Kicks Off As Rumors of Anonymous Attacking PayPal Spread

Rumors circulated early on Monday that Anonymous has kicked off their OpVendetta campaign with a hack on PayPal. While this hasn’t been confirmed, other related defacements and server compromises have been linked to the operation, as the faceless legion aims to make people remember the 5th of November.

[Updated With Additional Statements from PayPal Below]

If rumors are to be believed, Anonymous has hacked PayPal and published nearly 30,000 account records.

“PayPal hacked: The following database dumps are brought to you by Anonymous as part of our November 5th protest against the banking blockade and consumerism in general,” an Anon said in a post to Facebook.

However, the rumors (concentrated on Facebook and Twitter) are centered on five posts made to privatepaste.com, which have since been removed. These posts contained encoded password details and email addresses, as well as transaction data.

Yet, along with what was claimed to be PayPal data, there were All Pay records as well. At this point, there is no way to prove if the published records came from PayPal, or another merchant. SecurityWeek has reached out to eBay, PayPal’s parent company, for comment. [Updated with statement from PayPal below]

However, OpVendetta is more than the PayPal breach. As of early morning on Nov 5, Anons online have targeted nearly 20 websites and promise that there’s more to come.

In addition to the activities online, Anons are encouraging their peers to take to the streets in non-violent protest. In the U.K., there are plans to march on The Houses of Parliament, as a show of strength and solidarity.

The march will also serve as “a warning to all governments worldwide that if they keep trying to censor, cut, imprison, or silence the free world or the free internet they will not be our governments for much longer. Change is coming,” an OpVendetta statement explains.

As of 02:00 A.M. Monday, the following sites have been singled out by Anonymous.

Database dumps taken from alllotto.com, as well as wealthwithin.com.au – which include full names, usernames, passwords, email addresses, and home addresses – are just the beginning, according to a majority of those taking part.

“Happy 5th of November everyone - Look for #Anonymous in the next 5 days for leaks from all over the world. We've left some surprises too...,” Team GhostShell commented on Twitter.

In somewhat related news, though separate from OpVendetta, Team GhostShell made headlines last week when they leaked 2.5 million records taken from Russian government databases and other NGOs.

“GhostShell is declaring war on Russia's cyberspace, in "Project BlackStar". The project is aimed at the Russian Government. We'll start off with a nice greeting of 2.5 million accounts/records leaked, from governmental, educational, academical, political, law enforcement, telecom, research institutes, medical facilities, large corporations (both national and international branches) in such fields as energy, petroleum, banks, dealerships and many more,” the group said.

The group claims to have “access to more Russian files than the FSB,” and are eager to prove it. For the curious, Anonymous’ antics can be followed via Twitter using the hashtag #OpVendetta.

"Security of our customers' data is the top priority at PayPal. We're aggressively investigating this but to date we have been unable to find any evidence that validates this claim," a PayPal spokesperson told SecurityWeek on Monday morning.

On Monday afternoon, PayPal commented that the exploit may not have been targeted directly at PayPal.

"It appears that the exploit was not directed at PayPal after all, it was directed at a company called ZPanel," a PayPal spokesperson said. "The original story that started this and was retweeted by some of the Anonymous Twitter handles has now been updated."

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.