Top Coupons Grocery Video Games TV Computers Credit Cards Home Apparel Tech Cameras Auto Health & Beauty Children Entertainment Travel
Forum Thread

PSA: Check your balance for PayPal Digital Gifts bought from Ebay. Your digital gift cards might have been comprimised and have an 0 balance.

+30 Deal Score
77,351 Views
I bought a Best Buy gc in early August. I went to use it today and notice the balance is 0. I thought maybe I had used it but I was sure I did not. Checked my BB order history and no orders were placed after the date which I bought it from Ebay. Anyone else have this happen to them? Who did you contact BB or EBay/PayPal?


-----------
Updated thread title to be more descriptive.
Add Comment
Reply
Created 09-11-2016 at 12:27 AM by SoldierHill
If you purchase something through a post on our site, Slickdeals may get a small share of the sale.
Deal
Score +30
77,351 Views

Community Wiki

Last Edited by theST0RM January 26, 2017 at 08:16 AM
The issue is that PayPal Digital Gifts mistakenly allowed gift card claim pages to be indexed by search engines. This allowed anyone to search for those pages and use the gift card codes before the owners did. There are confirmed reports of stolen gift cards dating back to March 2016 at least. If you bought a gift card from PayPal Digital Gifts on eBay, use the balance immediately! PayPal Facebook group sent user a message saying "the issue" affected cards purchased between May 4 and August 31.

Contact for PayPal Digital Gifts [paypal-gifts.com]

Link to eBay gift certificates associated with PayPal prior to March 2016 (login to PayPal first): https://www.paypal.com/cgi-bin/cu...-available

Additional info:File a complaint with your state's attorney general
https://oag.ca.gov/contact/consum...or-company

and the FTC
https://www.ftc.gov/complaint [ftc.gov]


LIST OF LOCATIONS WHERE GIFT CARDS WERE USED (per Best Buy customer service):
Hialeah FL Best Buy (http://stores.bestbuy.com/fl/hial...e-555.html) on 10/1/2016. $75 worth of GCs purchased 6/30/2016.
Roseville Ca Best Buy 15 $100 gift cards were used to buy a $1500 BB gift card on 9/15/16.

603 Comments

1 2 3 4 5

Sign up for a Slickdeals account to remove this ad.

This comment has been rated as unhelpful by Slickdeals users
Joined Dec 2010
L8: Grand Teacher
3,757 Posts
2,050 Reputation
09-11-2016 at 12:49 AM #3
Nothing to do with BB or Ebay as they wouldn't do much about it except providing you with the information when and where is the gift card is used. Contacted Paypal to resolve this and asked to speak to their gift card department. Rumor said that PPGCs have been hacked and many gift cards were stolen that is why they shut down their site for a few days.
Reply Helpful Comment? 1 0
This comment has been rated as unhelpful by Slickdeals users
Joined Sep 2012
L2: Beginner
53 Posts
14 Reputation
09-11-2016 at 12:49 AM #4
There was a thread about this last week but with Target gift cards. Can't find it now, but I know ive seen other threads with people having the same issue.
Reply Helpful Comment? 0 0
This comment has been rated as unhelpful by Slickdeals users
Joined Jan 2010
L5: Journeyman
691 Posts
175 Reputation
Pro
09-11-2016 at 06:47 AM #5
SVM gift cards sold on eBay have also gotten hacked - a Circle K card I bought from them was depleted a week before I tried using it. They claim they are just a third party reseller and referred me to Circle K customer service, who is now "investigating". At this point I can't say if the hack was at SVM or Circle K, but I'm done buying gift cards on eBay. I would recommend others do the same.
Reply Helpful Comment? 1 0
This comment has been rated as unhelpful by Slickdeals users
Joined Jul 2014
L7: Teacher
2,357 Posts
220 Reputation
09-11-2016 at 08:20 AM #6
Quote from mosd88
:
SVM gift cards sold on eBay have also gotten hacked - a Circle K card I bought from them was depleted a week before I tried using it. They claim they are just a third party reseller and referred me to Circle K customer service, who is now "investigating". At this point I can't say if the hack was at SVM or Circle K, but I'm done buying gift cards on eBay. I would recommend others do the same.
So you had a physical Circle K gift card from SVM depleted after you received it? I thought that physical cards were a lot safer.
Reply Helpful Comment? 0 0
This comment has been rated as unhelpful by Slickdeals users
Joined Jan 2010
L5: Journeyman
691 Posts
175 Reputation
Pro
09-11-2016 at 10:06 AM #7
Quote from agentstryker909
:
So you had a physical Circle K gift card from SVM depleted after you received it? I thought that physical cards were a lot safer.
Yes that is exactly what happened, about 14 weeks after I received them. As for physical cards being safer... well... when SVM sends you the cards, they are glued to a "thank you" letter which has the card number on it. So their computers are holding the card number at some point. Circle K cards don't have a PIN, which means if those computers are hacked then I imagine that if you have the card number, blank cards, and the right knowledge and the right equipment its very easy to encode your own. At this point I don't know whether SVM or Circle K systems were compromised. I'm still trying to find out which Circle K this card was emptied at... not getting any help on that from SVM and very little help from Circle K at this time.
Reply Helpful Comment? 0 0
Last edited by mosd88 September 11, 2016 at 10:09 AM.
This comment has been rated as unhelpful by Slickdeals users
Joined Jul 2014
L7: Teacher
2,357 Posts
220 Reputation
09-11-2016 at 10:26 AM #8
Quote from mosd88
:
Yes that is exactly what happened, about 14 weeks after I received them. As for physical cards being safer... well... when SVM sends you the cards, they are glued to a "thank you" letter which has the card number on it. So their computers are holding the card number at some point. Circle K cards don't have a PIN, which means if those computers are hacked then I imagine that if you have the card number, blank cards, and the right knowledge and the right equipment its very easy to encode your own. At this point I don't know whether SVM or Circle K systems were compromised. I'm still trying to find out which Circle K this card was emptied at... not getting any help on that from SVM and very little help from Circle K at this time.
I am sitting on a ton of SVM gas gift cards for Circle K, 76, and ConocoPhillips. I haven't had problems using them over the past 6+ months. I wonder if I can convert these gift cards over to new gift cards at the gas stations?
Reply Helpful Comment? 1 0
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2014
L10: Grand Master
16,049 Posts
3,026 Reputation
09-11-2016 at 12:12 PM #9
Simple solution. The second you get your ebay GC, use it to buy something dirt cheap. Then it's locked to your account and no one can five finger it.

As to how these things get lifted, I don't think has to do with a server getting hacked and number stolen. I think it's just brute force. There's a pattern to the numbers. They just keep trying numbers until they find one with a balance. The same way people crack passwords.
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

This comment has been rated as unhelpful by Slickdeals users
Joined Dec 2010
L8: Grand Teacher
3,757 Posts
2,050 Reputation
09-11-2016 at 12:16 PM #10
Quote from ghostofposterspast
:
Simple solution. The second you get your ebay GC, use it to buy something dirt cheap. Then it's locked to your account and no one can five finger it.

As to how these things get lifted, I don't think has to do with a server getting hacked and number stolen. I think it's just brute force. There's a pattern to the numbers. They just keep trying numbers until they find one with a balance. The same way people crack passwords.
Doubt that for Paypal, it happened to multiple types of gift cards such as itunes, BB, target etc.
Reply Helpful Comment? 1 0
This comment has been rated as unhelpful by Slickdeals users
Joined Jan 2010
L5: Journeyman
691 Posts
175 Reputation
Pro
09-11-2016 at 12:31 PM #11
Quote from agentstryker909
:
I am sitting on a ton of SVM gas gift cards for Circle K, 76, and ConocoPhillips. I haven't had problems using them over the past 6+ months. I wonder if I can convert these gift cards over to new gift cards at the gas stations?
Yup I had a bunch too, various brands so I could "GasBuddy" the cheapest one at any given time. Gonna work through what I have left and that's that. $100 lost wipes out pretty much all the savings from every card I ever bought.
Reply Helpful Comment? 1 0
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2004
L10: Grand Master
7,657 Posts
1,990 Reputation
09-13-2016 at 05:51 AM #12
Quote from ghostofposterspast
:

I don't think has to do with a server getting hacked and number stolen. I think it's just brute force. There's a pattern to the numbers. They just keep trying numbers until they find one with a balance. The same way people crack passwords.
Paypal gifts had a fail robots.txt file that allowed search engines to index the "here is your PayPal gift card" pages. "Hackers" simply read the GC and email info off the cache of search engines like google. This is for digital GCs obviously.
Reply Helpful Comment? 0 0
Last edited by DeltaMajor156 September 13, 2016 at 05:55 AM.
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2014
L10: Grand Master
16,049 Posts
3,026 Reputation
09-13-2016 at 12:29 PM #13
Quote from DeltaMajor156
:
Paypal gifts had a fail robots.txt file that allowed search engines to index the "here is your PayPal gift card" pages. "Hackers" simply read the GC and email info off the cache of search engines like google. This is for digital GCs obviously.
But regardless of the robots.txt, they should have an .htaccess that forbids access to those directories. Since robots.txt or not, anyone can simply browse into those directories and look at the pages.
Reply Helpful Comment? 0 0
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2004
L10: Grand Master
7,657 Posts
1,990 Reputation
09-13-2016 at 12:39 PM #14
Quote from ghostofposterspast
:
But regardless of the robots.txt, they should have an .htaccess that forbids access to those directories. Since robots.txt or not, anyone can simply browse into those directories and look at the pages.
Not sure what it all means, just repeating some things I've read recently. What do you make of this?


Code:
https://www.google.com/?gws_rd=ssl#q=site:paypal-gifts.com+Here%27s+your+Gift+Card&filter=0
Reply Helpful Comment? 0 0
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2014
L10: Grand Master
16,049 Posts
3,026 Reputation
09-13-2016 at 02:20 PM #15
Quote from DeltaMajor156
:
Not sure what it all means, just repeating some things I've read recently. What do you make of this?


Code:
https://www.google.com/?gws_rd=ssl#q=site:paypal-gifts.com+Here%27s+your+Gift+Card&filter=0
A robot.txt file is only a request that spiders/indexers don't index that directory. It's like putting up a no trespassing sign. Just like a no trespassing sign, nothing keeps someone from going in if they choose to ignore it. You need security for that. Either to keep them off your property or to keep them out of your directory. That's what .htaccess does. Do you think a simple no trespassing sign will keep people who would steal codes out? Just because google doesn't index it, doesn't mean it doesn't exist.
Reply Helpful Comment? 0 0
Page 1 of 41
1 2 3 4 5
Join the Conversation
Add a Comment
 

Top Coupons & Promo Codes

Coupon Extra $10 Off Orders $100+ 22305 Redeemed
Coupon 20% OFF President's Day Weekend: Extra 20% Off Activities, Dining, Spas & More 259 Redeemed
Coupon 10% OFF President's Day Sale: Up to 40% Off Appliances + Extra 10% Off 200 Redeemed
Coupon 20% OFF 20% Off Sitewide for the Presidents' Day Sale 802 Redeemed
Coupon 30% OFF 20-30% Off Window Blinds 511 Redeemed

Popular Deals

60
Dell G3 15 Gaming: 1080P IPS, i5-8300H, 8GB DDR4, GTX 1050 4GB, Win10H @ $512 after $100 SD Rebate + F/S
50
Nikon D7500 4K Ultra HD DSLR Camera (Refurb, Body Only) $750 + free s/h
74
Dewalt FLEXVOLT 60-Volt MAX Lithium-Ion Cordless Brushless 7-1/4 in. Circular Saw with Bonus Angle Grinder $329
81
FUNimation Entertainment Anime TV/Films (Digital HD): Outlaw Star: The Complete Series $9.99, Deadman Wonderland $6.99, Fairy Tale: Dragon Cry $3.99 & More via Microsoft Store
54
Lenovo 2-in-1 Flex 15" Laptop (i7 8550U, 16 GB RAM (single), 512 GB SSD, FHD) $759.99

Trending Deals

6  •  16
Nintendo Switch $240 + $35 eStore code at Frys in store YMMV
1  •  19
YMMV Suncast Vanilla Resin Outdoor Storage Shed - $99.60
6  •  16
Lenovo - Yoga 730 2-in-1 13.3" Touch-Screen Laptop $629.99
5  •  0
$40 off any ABLE Standing Desk or Desk Bundle - $359 Free Shipping
4  •  4
Dewalt DW735 13" Planer Open box $339.88+tx FREE SHIP

More from the Slickdeals Blog

Save Over 50% on a Monoprice TV Wall Mount and HDMI Cables
Patagonia Sale: Save up to 50% on Select Clothing and Gear
Save Big on Spring and Summer Travel with Amtrak's BOGO Deal
The Shamrock Shake has Finally Returned to McDonald's
Women's Cozy Heat Leggings are only $5.99 from 32 Degrees
 • 
 •  Full Site
Copyright 1999 - 2019. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard
Search in