Forum Thread

Paypal Digital Gifts System hacked. It's gtime to check your balance!!

happybuyer 289 140 September 5, 2016 at 03:56 PM in Finance (4)
Deal
Score
+5
1,858 Views

Thread Details

Both my ebay ecards purchased on 08/18 were zero out and yours may have the same issue. I know I will get reds for the post but I hope to warn others to get their money back. Good luck!!
If you purchase something through a post on our site, Slickdeals may get a small share of the sale.

Community Wiki

Last Edited by dreamsINdigital September 27, 2016 at 11:26 AM
The issue is that PayPal Digital Gifts mistakenly allowed gift card claim pages to be indexed by search engines. This allowed anyone to search for those pages and use the gift card codes before the owners did. There are confirmed reports of stolen gift cards dating back to March 2016 at least. If you bought a gift card from PayPal Digital Gifts on eBay, use the balance immediately!

Contact for PayPal Digital Gifts [paypal-gifts.com]

Additional info:

28 Comments

1 2

Sign up for a Slickdeals account to remove this ad.

#3
did you get any email that paypal system was hacked? Or is it just an issue with your cards only?
I don;t see any such report anywhere..
Reply Helpful Comment? 0 0
#4
spent mine today without issue
Reply Helpful Comment? 0 0
#5
Source?
Reply Helpful Comment? 0 0
Joined May 2010
L10: Grand Master
24,363 Posts
102,202 Reputation
Pro
#6
Quote from vipul1211 View Post :
did you get any email that paypal system was hacked? Or is it just an issue with your cards only?
I don;t see any such report anywhere..
Quote from MiniMinhMo View Post :
Source?
They were talking about this on FW.

It was reported by DoctorofCredit [doctorofcredit.com]
Reply Helpful Comment? 0 0
#7
explanation of the hack

http://www.ghacks.net/2016/09/06/...code-leak/

PayPal Digital Gift Cards code leak

by Martin Brinkmann on September 6, 2016 in Security - Last Update:September 6, 2016 2
PayPal is not only a dominating force when it comes to making online transactions between individuals and companies, it also branched of in other areas such as gift cards.

You may visit the site PayPal Gifts to purchase gift cards for various popular online and offline services using a PayPal account.

The service has a security issue currently that is caused by an improperly configured server, or more precisely, a robots.txt file.

Basically, what happens is that search engines index the "here is your PayPal gift card" pages on the site. These pages show the code of the gift card among other things. This means that anyone may use the code to grab the credit before the recipient may have a chance to redeem it.

paypal gift card
Good news is that only a handful of pages are indexed currently by Google. The main reason for this is that the gift pages are not linked anywhere on the PayPal Digital Gifts site. This means that they can only come in the index of they are linked from a location that search engine bots have access to.

Customers who purchase gift cards using PayPal's Digital Gifts service need a PayPal account for that. Recipients on the other hand don't. They can take the code and redeem it directly using the service it was created for.

The service supports a wide variety of popular online services including iTunes, Google Play, Best Buy or Apple Music.

A robots.txt file is used by webmasters to "tell" search engine bots what they can and cannot crawl on the site.

The theory is that search engines ignore any "forbidden" area as indicated by the file so that it is not indexed.

Something that is not indexed cannot come up in the search results. PayPal on the other hand redirects the robots.txt file which means that it does not use one on the site.

While fairly limited in scope, it is an issue nevertheless, and one that does not paint PayPal in a kind light.

Take away: if you get a digital gift card, redeem it right away. If you buy one, make sure the recipient does so to avoid any issues with the information leaking online.

Now You: Do you use gift cards?

Summary
Article NamePayPal Digital Gift Cards code leak
DescriptionGift cards purchased using PayPal's Digital Gifts service may leak due to an improperly configured robots.txt file that does not prevent search engine indexing.
AuthorMartin Brinkmann
Publisher
Ghacks Technology News
Reply Helpful Comment? 0 0
#8
Yes, my 3 got hacked as well. But got refunded from them via ebay.
Reply Helpful Comment? 0 0
#9
Quote from slimwantsfat View Post :
Yes, my 3 got hacked as well. But got refunded from them via ebay.
How did you go about doing this?
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

#10
My BestBuy card get drained also. They were purchased back to Mar.
Reply Helpful Comment? 0 0
#11
I just realized that my Best Buy gift card that I bought at the end of June had the balance stolen.

Is there a bigger thread where this is being discussed? There has to be a ton of people here affected.
Reply Helpful Comment? 0 0
#12
Quote from dreamsINdigital View Post :
I just realized that my Best Buy gift card that I bought at the end of June had the balance stolen.

Is there a bigger thread where this is being discussed? There has to be a ton of people here affected.
mine too .
Reply Helpful Comment? 0 0
Joined Feb 2005
Sanity Is Overrated
3,974 Posts
1,111 Reputation
#13
Someone posted about it awhile back when the Paypal Digital Gifts site disappeared for a few days.

http://slickdeals.net/f/9080311-paypal-digital-gifts-system-hacked-it-s-gtime-to-check-your-balance?v=1&src=SiteSearch
Reply Helpful Comment? 0 0
#14
Quote from Diamonique View Post :
Someone posted about it awhile back when the Paypal Digital Gifts site disappeared for a few days.

http://slickdeals.net/f/9080311-paypal-digital-gifts-system-hacked-it-s-gtime-to-check-your-balance?...
That's a link to this thread. LMAO
Reply Helpful Comment? 0 0
Joined Feb 2005
Sanity Is Overrated
3,974 Posts
1,111 Reputation
#15
Quote from dreamsINdigital View Post :
That's a link to this thread. LMAO
Oops. Well I guess there isn't a bigger thread then. I was distracted earlier and didn't even realize I was linking to the same one. Confused
Reply Helpful Comment? 0 0
Page 1 of 2
1 2
Join the Conversation
Add a Comment
 
Copyright 1999 - 2016. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard