Top Coupons Grocery Video Games TV Computers Credit Cards Home Apparel Tech Cameras Auto Health & Beauty Children Entertainment Travel
Forum Thread

PSA: Check your balance for PayPal Digital Gifts bought from Ebay. Your digital gift cards might have been comprimised and have an 0 balance.

+30 Deal Score
75,870 Views
I bought a Best Buy gc in early August. I went to use it today and notice the balance is 0. I thought maybe I had used it but I was sure I did not. Checked my BB order history and no orders were placed after the date which I bought it from Ebay. Anyone else have this happen to them? Who did you contact BB or EBay/PayPal?


-----------
Updated thread title to be more descriptive.
Add Comment
Reply
Created 09-11-2016 at 12:27 AM by SoldierHill
If you purchase something through a post on our site, Slickdeals may get a small share of the sale.
Deal
Score +30
75,870 Views

Community Wiki

Last Edited by theST0RM January 26, 2017 at 08:16 AM
The issue is that PayPal Digital Gifts mistakenly allowed gift card claim pages to be indexed by search engines. This allowed anyone to search for those pages and use the gift card codes before the owners did. There are confirmed reports of stolen gift cards dating back to March 2016 at least. If you bought a gift card from PayPal Digital Gifts on eBay, use the balance immediately! PayPal Facebook group sent user a message saying "the issue" affected cards purchased between May 4 and August 31.

Contact for PayPal Digital Gifts [paypal-gifts.com]

Link to eBay gift certificates associated with PayPal prior to March 2016 (login to PayPal first): https://www.paypal.com/cgi-bin/cu...-available

Additional info:File a complaint with your state's attorney general
https://oag.ca.gov/contact/consum...or-company

and the FTC
https://www.ftc.gov/complaint [ftc.gov]


LIST OF LOCATIONS WHERE GIFT CARDS WERE USED (per Best Buy customer service):
Hialeah FL Best Buy (http://stores.bestbuy.com/fl/hial...e-555.html) on 10/1/2016. $75 worth of GCs purchased 6/30/2016.
Roseville Ca Best Buy 15 $100 gift cards were used to buy a $1500 BB gift card on 9/15/16.

602 Comments

1 2 3 4 5

Sign up for a Slickdeals account to remove this ad.

This comment has been rated as unhelpful by Slickdeals users
Joined Dec 2010
L8: Grand Teacher
3,756 Posts
2,050 Reputation
09-11-2016 at 12:49 AM #3
Nothing to do with BB or Ebay as they wouldn't do much about it except providing you with the information when and where is the gift card is used. Contacted Paypal to resolve this and asked to speak to their gift card department. Rumor said that PPGCs have been hacked and many gift cards were stolen that is why they shut down their site for a few days.
Reply Helpful Comment? 1 0
This comment has been rated as unhelpful by Slickdeals users
Joined Sep 2012
L2: Beginner
53 Posts
14 Reputation
09-11-2016 at 12:49 AM #4
There was a thread about this last week but with Target gift cards. Can't find it now, but I know ive seen other threads with people having the same issue.
Reply Helpful Comment? 0 0
This comment has been rated as unhelpful by Slickdeals users
Joined Jan 2010
L5: Journeyman
650 Posts
167 Reputation
Pro
09-11-2016 at 06:47 AM #5
SVM gift cards sold on eBay have also gotten hacked - a Circle K card I bought from them was depleted a week before I tried using it. They claim they are just a third party reseller and referred me to Circle K customer service, who is now "investigating". At this point I can't say if the hack was at SVM or Circle K, but I'm done buying gift cards on eBay. I would recommend others do the same.
Reply Helpful Comment? 1 0
This comment has been rated as unhelpful by Slickdeals users
Joined Jul 2014
L7: Teacher
2,352 Posts
220 Reputation
09-11-2016 at 08:20 AM #6
Quote from mosd88
:
SVM gift cards sold on eBay have also gotten hacked - a Circle K card I bought from them was depleted a week before I tried using it. They claim they are just a third party reseller and referred me to Circle K customer service, who is now "investigating". At this point I can't say if the hack was at SVM or Circle K, but I'm done buying gift cards on eBay. I would recommend others do the same.
So you had a physical Circle K gift card from SVM depleted after you received it? I thought that physical cards were a lot safer.
Reply Helpful Comment? 0 0
This comment has been rated as unhelpful by Slickdeals users
Joined Jan 2010
L5: Journeyman
650 Posts
167 Reputation
Pro
09-11-2016 at 10:06 AM #7
Quote from agentstryker909
:
So you had a physical Circle K gift card from SVM depleted after you received it? I thought that physical cards were a lot safer.
Yes that is exactly what happened, about 14 weeks after I received them. As for physical cards being safer... well... when SVM sends you the cards, they are glued to a "thank you" letter which has the card number on it. So their computers are holding the card number at some point. Circle K cards don't have a PIN, which means if those computers are hacked then I imagine that if you have the card number, blank cards, and the right knowledge and the right equipment its very easy to encode your own. At this point I don't know whether SVM or Circle K systems were compromised. I'm still trying to find out which Circle K this card was emptied at... not getting any help on that from SVM and very little help from Circle K at this time.
Reply Helpful Comment? 0 0
Last edited by mosd88 September 11, 2016 at 10:09 AM.
This comment has been rated as unhelpful by Slickdeals users
Joined Jul 2014
L7: Teacher
2,352 Posts
220 Reputation
09-11-2016 at 10:26 AM #8
Quote from mosd88
:
Yes that is exactly what happened, about 14 weeks after I received them. As for physical cards being safer... well... when SVM sends you the cards, they are glued to a "thank you" letter which has the card number on it. So their computers are holding the card number at some point. Circle K cards don't have a PIN, which means if those computers are hacked then I imagine that if you have the card number, blank cards, and the right knowledge and the right equipment its very easy to encode your own. At this point I don't know whether SVM or Circle K systems were compromised. I'm still trying to find out which Circle K this card was emptied at... not getting any help on that from SVM and very little help from Circle K at this time.
I am sitting on a ton of SVM gas gift cards for Circle K, 76, and ConocoPhillips. I haven't had problems using them over the past 6+ months. I wonder if I can convert these gift cards over to new gift cards at the gas stations?
Reply Helpful Comment? 1 0
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2014
L10: Grand Master
16,049 Posts
3,026 Reputation
09-11-2016 at 12:12 PM #9
Simple solution. The second you get your ebay GC, use it to buy something dirt cheap. Then it's locked to your account and no one can five finger it.

As to how these things get lifted, I don't think has to do with a server getting hacked and number stolen. I think it's just brute force. There's a pattern to the numbers. They just keep trying numbers until they find one with a balance. The same way people crack passwords.
Reply Helpful Comment? 0 0

Sign up for a Slickdeals account to remove this ad.

This comment has been rated as unhelpful by Slickdeals users
Joined Dec 2010
L8: Grand Teacher
3,756 Posts
2,050 Reputation
09-11-2016 at 12:16 PM #10
Quote from ghostofposterspast
:
Simple solution. The second you get your ebay GC, use it to buy something dirt cheap. Then it's locked to your account and no one can five finger it.

As to how these things get lifted, I don't think has to do with a server getting hacked and number stolen. I think it's just brute force. There's a pattern to the numbers. They just keep trying numbers until they find one with a balance. The same way people crack passwords.
Doubt that for Paypal, it happened to multiple types of gift cards such as itunes, BB, target etc.
Reply Helpful Comment? 1 0
This comment has been rated as unhelpful by Slickdeals users
Joined Jan 2010
L5: Journeyman
650 Posts
167 Reputation
Pro
09-11-2016 at 12:31 PM #11
Quote from agentstryker909
:
I am sitting on a ton of SVM gas gift cards for Circle K, 76, and ConocoPhillips. I haven't had problems using them over the past 6+ months. I wonder if I can convert these gift cards over to new gift cards at the gas stations?
Yup I had a bunch too, various brands so I could "GasBuddy" the cheapest one at any given time. Gonna work through what I have left and that's that. $100 lost wipes out pretty much all the savings from every card I ever bought.
Reply Helpful Comment? 1 0
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2004
L10: Grand Master
7,617 Posts
1,982 Reputation
09-13-2016 at 05:51 AM #12
Quote from ghostofposterspast
:

I don't think has to do with a server getting hacked and number stolen. I think it's just brute force. There's a pattern to the numbers. They just keep trying numbers until they find one with a balance. The same way people crack passwords.
Paypal gifts had a fail robots.txt file that allowed search engines to index the "here is your PayPal gift card" pages. "Hackers" simply read the GC and email info off the cache of search engines like google. This is for digital GCs obviously.
Reply Helpful Comment? 0 0
Last edited by DeltaMajor156 September 13, 2016 at 05:55 AM.
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2014
L10: Grand Master
16,049 Posts
3,026 Reputation
09-13-2016 at 12:29 PM #13
Quote from DeltaMajor156
:
Paypal gifts had a fail robots.txt file that allowed search engines to index the "here is your PayPal gift card" pages. "Hackers" simply read the GC and email info off the cache of search engines like google. This is for digital GCs obviously.
But regardless of the robots.txt, they should have an .htaccess that forbids access to those directories. Since robots.txt or not, anyone can simply browse into those directories and look at the pages.
Reply Helpful Comment? 0 0
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2004
L10: Grand Master
7,617 Posts
1,982 Reputation
09-13-2016 at 12:39 PM #14
Quote from ghostofposterspast
:
But regardless of the robots.txt, they should have an .htaccess that forbids access to those directories. Since robots.txt or not, anyone can simply browse into those directories and look at the pages.
Not sure what it all means, just repeating some things I've read recently. What do you make of this?


Code:
https://www.google.com/?gws_rd=ssl#q=site:paypal-gifts.com+Here%27s+your+Gift+Card&filter=0
Reply Helpful Comment? 0 0
This comment has been rated as unhelpful by Slickdeals users
Joined Nov 2014
L10: Grand Master
16,049 Posts
3,026 Reputation
09-13-2016 at 02:20 PM #15
Quote from DeltaMajor156
:
Not sure what it all means, just repeating some things I've read recently. What do you make of this?


Code:
https://www.google.com/?gws_rd=ssl#q=site:paypal-gifts.com+Here%27s+your+Gift+Card&filter=0
A robot.txt file is only a request that spiders/indexers don't index that directory. It's like putting up a no trespassing sign. Just like a no trespassing sign, nothing keeps someone from going in if they choose to ignore it. You need security for that. Either to keep them off your property or to keep them out of your directory. That's what .htaccess does. Do you think a simple no trespassing sign will keep people who would steal codes out? Just because google doesn't index it, doesn't mean it doesn't exist.
Reply Helpful Comment? 0 0
Page 1 of 41
1 2 3 4 5
Join the Conversation
Add a Comment
 

Top Coupons & Promo Codes

Coupon $10 OFF $10 Off Orders $50 or More + Free Shipping 1485 Redeemed
Coupon 25% OFF 25% Off HP ENVY Laptops $899 or more + Free Shipping 2037 Redeemed
Coupon $10 Off $15+ with Groupon Plus Sign Up 14071 Redeemed
Coupon 30% OFF 30% Off Sitewide 419 Redeemed
Coupon 15% OFF Extra 15% Off Bedding and Bath 1906 Redeemed

Popular Deals

52
Apple iPad 9.7" WiFi Tablet (Latest Model): 128GB $329 or 32GB $249 + Free Shipping
65
40-Treatment Crest 3D White Whitestrips Professional Effects Kit $44.88
3822
Project Stream beta users will get Assassins Creed: Odyssey FREE on PC
915
Vizio P65-F1 $999.99
166
Samsung Fast Charging Dual-Port Vehicle Charger - Clearance B&M Only $7

Trending Deals

4  •  94
Verizon BOGO iPhone & Pixel 3
6  •  12
Purchase a Nintendo Switch console and get a $25 Target GC starts 12/16-12/22 $299
3  •  13
current TIVO Roamio OTA owners: get $200 off Tivo BOLT OTA with roamio trade in. ymmv.
3  •  2
Toyota Insider Pricing sheet snagged out at a dealer $20000
3  •  1
6-Piece LOFT by Lortex Modern Home Trends Towel Set (Various Colors) $12.72 AC at Home Depot w/ Free In-Store Pickup And More

More from the Slickdeals Blog

Deck the Halls with These Christmas Lights Deals
Great Nintendo Switch Bundle Deals for the Holidays
This Holiday's Best PlayStation 4 Bundle Deals
The Razer BlackWidow Elite is a Luxurious Keyboard for Gaming Enthusiasts
HP Envy x360 Laptop Review: Versatility on a Budget
 • 
 •  Full Site
  • Apps
Copyright 1999 - 2018. Slickdeals, LLC. All Rights Reserved. Copyright / Infringement Policy  •  Privacy Policy  •  Terms of Service  •  Acceptable Use Policy (Rules)  •  Interest-Based Ads
Link Copied to Clipboard
Search in