back to article PayPal privates exposed after breach on SECURITY shop

Antivirus firm Avast has said that it was not responsible for a breach on a website of a German reseller selling its security products that resulted in the apparent leak of the payment details of thousands of consumers over the weekend. Turkish hacker Maxn3y defaced avadas.de on Saturday (archive here) before dumping what the …

COMMENTS

This topic is closed for new posts.
  1. ecofeco Silver badge
    FAIL

    ...and the hits just keep on coming

    Hacking? Never heard of it.

  2. Julian C
    Black Helicopters

    Just as Paypal decide to share our personal information to more 3rd parties!

    Check out all the 3rd parties that PayPal want to 'share' our info too in the latest round of T&C updates...

    https://cms.paypal.com/uk/cgi-bin/?&cmd=_render-content&content_ID=ua/upcoming_policies_full

    Time to close my account! Will slip by most who simply accept these things without reading them!

    1. heyrick Silver badge

      Re: Just as Paypal decide to share our personal information to more 3rd parties!

      My name and address are real. My email is a disposable address, and my bank card is a one-time virtual card set up prior to each purchase. Consequently, I am not "verified" (PayPal inform me that I can only verify myself by linking to my bank account; I declined). Thankfully I only use it to buy stuff once in a blue moon off eBay. This might be a bigger deal for people more active, especially if they have linked a real bank account to PayPal.

      I do not believe PayPal is much different than any other large provider. When I used to live in the UK, I gave different big companies (Sky, my bank, clubcard schemes, etc) my address written in different ways. Oddly enough, junkmail started to arrive with different address layouts, so this information was being shared despite my always opting out of commercial prospectus (and it's a cute trick having one form telling you to tick to opt OUT and another tick to opt IN!).

      Thankfully, back then email and SMS spam was not common. These days, most spam that reaches me if from my ISP; conveniently they use the same mailshot addresses so it is easy to filter. Although, most interesting of all, I started getting SMS spam half an hour after registering my phone when I didn't even know the number myself. Most of it has gone now (I elected to be on the don't-spam list, but it would take 48h to come into effect), but it is pretty damn suspicious don't you think?

      So - you were saying what about PayPal?

  3. frank ly

    Ah, PayPal

    When I signed up with PayPal, many years ago; they made a point that you needed two items of information to log in and make payment - i.e. an email address and a password, so it was very secure. I quickly realised that they gave your email address to every Tom, Dick and Harriet who you bought tat from on eBay. That probably explains why I started to get phishing emails at that address asking me for my PayPal account details.

    At one time, I bought a small item from a German seller on eBay and selected to pay using PayPal. I was then redirected to the sellers payment facility, that asked me to login to PayPal using some german auction management site! I told it to f**k off (figuratively). I assume that PayPal would have accepted payment details via this site?

    Why do PayPal do such stupid things?

    1. Irongut

      Re: Ah, PayPal

      No you get phishing emails about PayPal for the same reason I get phishing emails about Bank of America, HSBC, etc. Onse a phisherman has an email addres he sends it mail for everything whether he thinks they use it or not.

  4. Anonymous Coward
    Anonymous Coward

    If you must use PayPal use their security key service:

    https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/Marketing_CommandDriven/securitycenter/PayPalSecurityKey-outside

    If your information is breached, they can't login to your account.

  5. Anonymous Coward
    Anonymous Coward

    This is why...

    ...the mandatory prison sentence for hacking should be 20 years.

    As far as the story details, it doesn't look to me that PayPal was hacked, it's that details of PayPal customers that were kept on the German website by Procello, were compromised. This would not be a PayPal issue and may not allow access to the accounts of those who's info. was obtained. It may just be personal information that was taken.

This topic is closed for new posts.

Other stories you might like