PayPal privates exposed after breach on SECURITY shop Antivirus firm Avast has said that it was not responsible for a breach on a website of a German reseller selling its security products that resulted in the apparent leak of the payment details of thousands of consumers over the weekend. Turkish hacker Maxn3y defaced avadas.de on Saturday (archive here) before dumping what the …
Check out all the 3rd parties that PayPal want to 'share' our info too in the latest round of T&C updates...
https://cms.paypal.com/uk/cgi-bin/?&cmd=_render-content&content_ID=ua/upcoming_policies_full
Time to close my account! Will slip by most who simply accept these things without reading them!
My name and address are real. My email is a disposable address, and my bank card is a one-time virtual card set up prior to each purchase. Consequently, I am not "verified" (PayPal inform me that I can only verify myself by linking to my bank account; I declined). Thankfully I only use it to buy stuff once in a blue moon off eBay. This might be a bigger deal for people more active, especially if they have linked a real bank account to PayPal.
I do not believe PayPal is much different than any other large provider. When I used to live in the UK, I gave different big companies (Sky, my bank, clubcard schemes, etc) my address written in different ways. Oddly enough, junkmail started to arrive with different address layouts, so this information was being shared despite my always opting out of commercial prospectus (and it's a cute trick having one form telling you to tick to opt OUT and another tick to opt IN!).
Thankfully, back then email and SMS spam was not common. These days, most spam that reaches me if from my ISP; conveniently they use the same mailshot addresses so it is easy to filter. Although, most interesting of all, I started getting SMS spam half an hour after registering my phone when I didn't even know the number myself. Most of it has gone now (I elected to be on the don't-spam list, but it would take 48h to come into effect), but it is pretty damn suspicious don't you think?
So - you were saying what about PayPal?
When I signed up with PayPal, many years ago; they made a point that you needed two items of information to log in and make payment - i.e. an email address and a password, so it was very secure. I quickly realised that they gave your email address to every Tom, Dick and Harriet who you bought tat from on eBay. That probably explains why I started to get phishing emails at that address asking me for my PayPal account details.
At one time, I bought a small item from a German seller on eBay and selected to pay using PayPal. I was then redirected to the sellers payment facility, that asked me to login to PayPal using some german auction management site! I told it to f**k off (figuratively). I assume that PayPal would have accepted payment details via this site?
Why do PayPal do such stupid things?
...the mandatory prison sentence for hacking should be 20 years.
As far as the story details, it doesn't look to me that PayPal was hacked, it's that details of PayPal customers that were kept on the German website by Procello, were compromised. This would not be a PayPal issue and may not allow access to the accounts of those who's info. was obtained. It may just be personal information that was taken.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
