Feeds

back to article PayPal denies stiffing bug-hunting teen on bounty

PayPal has denied that it refused a teenage security researcher a reward for finding a potentially nasty bug on the basis that he was too young. The payments processing firm said that while it had denied the 17-year-old a reward, it was because another researcher had already reported the flaw. Robert Kugler, 17, found a cross- …

COMMENTS

This topic is closed for new posts.

This post has been deleted by its author

Bronze badge

Re: Well...

He posted screen grabs of the emails he received from Paypal. This one says that "To be eligible for the Bug Bounty Program, you must not: [...] Be less than 18 years of age."

3
0
Anonymous Coward

Re: Well...

Which is perfectly stupid given how so many IT literate kids exist these days.

What next? the Police refuse to believe a kid when they report a crime? there was a 9yr old who burgled a house and stole a car recently (before crashing it of course).

http://www.bbc.co.uk/news/uk-england-tees-22665842

There's some clever little buggers around, get on their good side.

2
0
Anonymous Coward

Re: Well...

If he doesn't get his just rewards legally, who would blame him if he decides to go into business for himself.

2
0
ACx

Kid finds bug.

Paypal openly refuse payment because they say age. They even cite US law.

Paypal gets bad press.

Paypal change their excuse.

So, Paypal lies. What a shock.

If they knew it was because some one else found the bug first, they would have said so at the time. Or do they just lie to start with just to say something until they can be bothered to tell the truth.

Either way, Paypal is a scummy business with a virtual monopoly with little regulation or oversight (most people I know only use paypal because of the close shop that is ebay and paypal) which they abuse for profit. But they can be convenient so the sheep happily use them.

Well, in the end, customers get what they deserve.

16
2
JDX
Gold badge

Or, 17 year old kid lies to get publicity.

1
17

Paypal are simply good old-fashioned criminals

Barclays won't even process payments to them. I tried and my card was locked a a result. "Not a trusted organisation" I was given.

Look, if you don't know by now, ALWAYS IMMEDIATELY WITHDRAW YOUR ACCUMULATED FUNDS from Paypal if you have to use them. If you don't *have* to use them - DON'T. It's the wild west on the interwebs, and this is a pikey scam of a firm.

1
0
Anonymous Coward

Re: Paypal are simply good old-fashioned criminals

Barclays is significantly untrustworthy too from various reports.

So if _Barclays_ won't deal with them, PayPal _really must_ be far down the scum chain.

1
0
JDX
Gold badge

Love the fact that commentards automatically assume a hacker is telling the truth.

0
0
g e
Silver badge
Holmes

"strange behaviour from PayPal"

Nope. Sounds absolutely par for the paypal course to me.

Perhaps the person who _did_ get the bounty could step forward?

8
0
Bronze badge
Devil

Pulling a fast one.

"The bug bounty program is subject to change or to cancellation at any point without notice".

That would seem to allow doing whatever they want including making the rules up as they go.

Welcome to PayPal.

8
0
JDX
Gold badge

Re: Pulling a fast one.

Or literally every single other business on the planet who runs such a program. It's their game, their rules.

1
13
Bronze badge
Alert

Re: Pulling a fast one.

Or literally every single other business on the planet who runs such a program. It's their game, their rules.

Yup, that's the way to encourage bug-finders to report the bugs honestly instead of exploiting them.

5
0

Re: Pulling a fast one.

So, first he lied to try and get the bounty, then you say it doesn't matter whether or not he lied, because PayPal can change the rules any time they want?

Which one is it?

2
1
Bronze badge

Re: Pulling a fast one.

@JDX

I don't think anyone is suggesting that they are not entitled to form their own rules.

The arguement that you don't appear to want to engage with is that the choices they have made in this case are likely to prove detrimental to thir efforts on a number of different levels.

3
0
JDX
Gold badge

Re: Pulling a fast one.

Boo-hoo, one person CLAIMS they stiffed him.

0
0
Bronze badge
Childcatcher

At What Price?

It seems very short-sighted to stiff a willing participant in your program for $3K compared to how much financial damage the bug could have been used to cause and how much bad press they are taking over this. That is not to say they did or did not bilk the researcher out of his just reward, only that their handling of it seems unprofessional and counterproductive.

7
0
Silver badge
Unhappy

Re: At What Price?

Like they care? It isnt like ebay users have much choice.

1
1
Bronze badge

Re: It isnt like ebay users have much choice.

Actually they do.

I just closed my eBay account and transferred my Paypal balance to my bank.

I intend to close the Paypal account too.

This article reminded was what spurred me into actually doing it (it has been on my to do list for a while, due to the way they let people rip you off if they can fob you off for long enough.)

3
0
WTF?

First! No, wait...

"Two security researchers (one from China and one from India) found the same bug and always the same reply: Someone else found it, we are sorry!"

So he's upset that two people who definitely weren't the first to find the bug were told that they weren't the first to find the bug? I'm not entirely sure how he thinks this supports his claims that PayPal treated anyone unfairly.

0
7
Silver badge
Happy

Re: First! No, wait...

His issue is that it seems those others were disqualified because the bug he reported was already discovered, by him. PayPal seems to be citing his discovery as the reason why they disqualified the other researchers. They seem to be playing both ends against the middle in a scheme to avoid payment if the reward to anyone.

4
0
Silver badge
Devil

Good old Paypal - Did you know?

There site and service is terrible.

Did you know that you can link your bank account and make a couple of transactions? You did, I thought so.

Did you know that you can then close your bank account and continue to pay for things using Paypal? You didn't, oh well you can.

Did you know it takes a couple of days (at least) for Paypal to notice? Great system isn't it.

I had actually paid for some items, had them delivered before they even noticed.

1
4
Silver badge
FAIL

Re: Good old Paypal - Did you know?

Congratulations dipshit. You are the reason EULA's are so screwed up and businesses don't trust customers.

1
1

Re: Good old Paypal - Did you know?

'Dipshit'?

Dear me, the standard of commentators on here has lowered somewhat since I was last on.

0
2
Silver badge
Happy

Re: Good old Paypal - Did you know?

I didn't want to waste any of my higher class derogatory appellations on him.

2
1
Silver badge
Devil

Re: Good old Paypal - Did you know?

You are the reason EULA.......

Oh Fudge! and here was me thinking that it was their failure to authenticate on this occasion.

I guess I will be super careful from now on, just in case I make the EULA even worse for people like you.

0
1
Bronze badge
Flame

My experience of PayPal is that they are, typically, a complete shower of useless tossers. I've never spoken to people more disinterested in providing any form of customer service.

This story, therefore, comes as absolutely no surprise, and I hope someone senior on their payroll recognises the utterly-negative views that are aired whenever PayPal is discussed on the internet.

4
0
FAIL

@nuked

..."I've never spoken to people more disinterested in providing any form of customer service."

You've never had to deal with Logitech "support" then.

Of all the most crap "support" places around, Logitech has the most useless / disinterested ones so far. They don't make PayPal's look good (they're crap too), but Logitech's ones have _really_ got being crap nailed.

/me guys Kensington stuff now due to this.

0
0
Anonymous Coward

There is always someone...

...looking to profit from false claims.

0
3
Silver badge

Bah!

I experienced similar behavior from a large British game company who decided that there was an arbitrary date on a gift certificate prize I had been awarded as part of the first US Golden Demon contest, but had taken my own sweet time in using. They were not receptive to the argument that there was nothing in the yards of boilerplate on the document itself to say there was any expiration date. They were not receptive to the argument that delaying the use of the gift certificate was to their advantage and my loss since it was not index linked to their platforming retail price escalations.

They were more receptive when they found out I was seriously ill in hospital and that my wife was working for a large law firm. The clincher? I was not, as they had assumed, a teenager. Why that would make the defining difference in attitude I don't know. But it isn't just an American behavior to gyp for no reason.

As for PayPal, I started my relationship with them reluctantly, was forced to participate more fully by an eBaytard who couldn't read and whose payment arrived a couple of days after a critical change in in the eBay TOS. I hate that they attempt to hijack any PP-mediated transaction to use the PP account rather than my credit card (WHY would I spend my money when I can spend the bank's ffs?) and as a result I have avoided doing business with any site that only offers PP payments (predominantly UK sites for some reason. They loves the PayPal).

eBay is no longer a first resort for me when it comes to printed materials (by far my most frequent type of e-purchase) since I can trust Amazon vendors more than eBayers when it comes to describing what they are selling me. Yes I've been burned. Not seriously, but enough to say "enough!"

1
0
Bronze badge
Coat

I have been PayPal free for 7 years

They are a bunch of lying, cheating tossers, and nothing bad said about them every surprises me.

Mines the one from Amazon (or was it Gumtree).

1
0
Pint

PayPal free

I have refused to use PayPal for ANY transaction, either on eBay or any other on line seller... If their only option for paying for something is PayPal... SAYONARA SUCKER.... I can find it elsewhere...

Since El Reg refuses to give me a wine glass, I have to pretend this is a good Napa Valley Cabernet Sauvignon...

0
0
This topic is closed for new posts.