It’s Nov. 5. Is your website still standing? According to reports, the websites of PayPal, Symantec, NBC, and more have come under fire, with many looking toward hacker collective Anonymous. But there are conflicting reports about who actually perpetrated the hacks – if at all.
November 5 is Guy Fawkes Day, named for the man who unsuccessfully tried to blow up Parliament in 1605. Alan Moore’s graphic novel, V for Vendetta turned Fawkes into an anarchist anti-hero, and the Fawkes mask has become synonymous with the Anonymous hacker collective. As such, Nov. 5 now brings with it a number of high-profile hacks.
Late last night, several Anonymous-related Twitter feeds tweeted: “Paypal hacked by Anonymous as part of our November 5th protest.” The tweets included a link to privatepaste.com, which reportedly included the private details of 28,000 PayPal users. At this point, however, that link is dead.
Anuj Nayarm, PayPal’s head of PR, tweeted today that the company is investigating, but has thus far “been unable to find any evidence that validates this claim.”
Later this afternoon, the official PayPal Twitter account tweeted: “Please know @paypal was not attacked by #Anonymous.”
A spokesman further clarified via email that “it appears that the exploit was not directed at PayPal after all, it was directed at a company called ZPanel,” he said. “The original story that started this and was retweeted by some of the Anonymous Twitter handles has now been updated.”
Anonymous and PayPal have tangled before. In the wake of payment services like PayPal, Visa, and MasterCard withdrawing their support for Wikileaks, Anonymous organized a distributed denial of service attack against all three firms. The attacks led to temporary outages or website slowdowns, but did not do significant damage.
Hackers are also reportedly targeting Symantec. Security Week reported that hackers dumped database and marketing details from the security firm via a zine that also went after image hosting site ImageShack.
“Symantec is investigating the recent claims made online regarding the security of our networks. We have found no evidence that customer information was exposed or impacted,” a Symantec spokeswoman said. “We will continue to monitor the situation and aggressively investigate these and any related claims. Beyond that, we have no additional information to share and are not going to speculate on any further elements of the story.”
According to the Twitter account @doxbin, the Symantec hack was not carried out by Anonymous, but by a group known as Hack the Planet (HTP). “Anon didn’t do Symantec. HTP is not affiliated with Anonymous. Do some basic fact checking,” doxbin tweeted at a reporter today.
Of course, given the nature of Anonymous, anyone can actually become a member of the group simpy by saying they belong.
Over the weekend, meanwhile, NBC suffered a hacking attack by an individual (or group of individuals) running under the name Pyknic. Anonymous denied any involvement with that attack, too.
Editor’s Note: This story was updated at 2 p.m. Eastern with additional comment from PayPal and again at 3:30 p.m.