Cyber Incident Victim: PayPal

Date: Apr 2015

Location: Israel

Summary

A collective of hacking groups including Anonymous Arab and AnonGhost executed cyberattacks against numerous Israeli websites and online services as part of OpIsrael, compromising sensitive data across multiple platforms. The breach exposed thousands of credentials, including over 2,100 PayPal accounts, 7,000 email passwords, and personal details of approximately 150,000 citizens such as names, addresses, and phone numbers, alongside modem login data for 6,000 devices. Leaked information originated from Israeli online portals and impacted entities ranging from academic institutions to commercial businesses. The attackers publicly disseminated the stolen data through pastebin links and listed defaced websites, with operations planned to persist for several weeks. Analysis confirmed the legitimacy of substantial portions of the leaked datasets.

Description

In early April 2015, multiple hacking collectives including Anonymous Arab, AnonGhost, and Anonymous Arabe executed coordinated cyberattacks against Israeli digital infrastructure under the OpIsrael campaign. The operation commenced shortly after public announcements by Anonymous and AnonGhost regarding planned assaults on Israeli servers. Starting April 7 and continuing over the following weeks, attackers compromised approximately 700 Israeli websites across government, academic, and commercial sectors. High-profile targets included the Jerusalem Center For Public Affairs, Honda Israel, and Technion institutions.

The groups exfiltrated and publicly disseminated extensive datasets through Pastebin repositories. Anonymous Arab specifically leaked 2,143 Israeli PayPal account credentials containing login information. AnonGhost released over 7,000 email addresses and associated passwords, while Anonymous Arabe distributed personal records of 150,000 Israeli citizens containing full names, physical addresses, email accounts, and telephone numbers. Additional breaches included modem login credentials for 6,000 Israeli internet modems. Forensic analysis confirmed the authenticity of substantial portions of the leaked data, with compromised records originating from Israeli web portals including area.co.il and walla.co.il.

The attacks resulted in widespread exposure of sensitive financial, communication, and identity data. PayPal credentials posed direct risks of unauthorized financial transactions, while the email/password combinations enabled potential access to additional online services through credential reuse. The personal information dump of 150,000 citizens created significant identity theft vulnerabilities. Infrastructure compromises extended beyond website defacements, with modem access enabling potential network intrusions. Hackers maintained operational momentum by announcing continued attacks until April 20, 2015, and provided updated lists of defaced domains through dedicated Pastebin and Ghostbin repositories. No containment measures or organizational responses were detailed in the available reports. The cumulative impact involved cross-sector disruption across governmental bodies, automotive businesses, academic institutions, and telecommunications infrastructure, with data validity confirmed through traceable origins in legitimate Israeli online platforms.
