Update: As readers point out in the comments, it looks like this is somewhat limited in that only a few gift cards appear. My counter is that these shouldn’t be appearing at all (at the very least they should be noindexed on google). The URL’s do use a secure hash as well.
Earlier we posted about an issue with Paypal Digital Gifts and the fact that a lot of people reported that their balances had been zero’d out. Reddit user mgoulart noticed that you can do a simple google search and both the e-mail address and gift card code will appear when you click the results. For example, here is a page I was able to access even though I didn’t purchase this gift card:
Now I’m not 100% sure that these are valid gift card codes (I didn’t want to try to use a code in case they are), or if this is some sort of test accounts or similar by Paypal Digital Gifts – but on the surface this doesn’t look good. For the time being I’d avoid making any purchases from Paypal Digital Gifts. It might also be possible that this breach is only affecting previously purchased gift cards. It would be good if Paypal would officially comment on this issue.
So here is my situation. I originally paid for me Best Buy gift cards with Ebay gift cards, and I received 8% in ebay bucks. So if ebay/paypal issues a refund will it be in “cash” to my paypal account? How does it affect Ebay bucks received? I would honestly prefer they reissue the Best Buy gift cards, because Ebay gift cards can’t be redeemed for third party gift cards after 10/13
You probably out of luck on this. Many are having this problem. Some got Paypal refunds, but most got card refunds. Not positive about the Bucks, but brace for the worst.
What;s going on with this? Pretty sure my Best Buy cards were stolen $800+
Lots of people had this problem. You need to contact PPDG via eBay and they’ll issue you a refund.
So, here’s a question I’m scared to ask. I sold $750 in BB GCs from PPDG to ABCGiftcards. If these get compromised, ABC GCs will come back to me as fraudulently using them even though I didn’t, and charge my card. I don’t see this ending well. Hopefully someone bought and used them immediately.
Just found out my $200 Sears giftcard that I bought in March was zero out, went to eBay and it was not even showing in my history, what can I do now? Please help!
That wouldn’t make sense. All history should show in your eBay history. Maybe you bought it from PPDG direct, without eBay?
Maybe I don’t know where to find it, lost my laptop during flood a month ago so only have my phone with me and both the eBay app and website are only showing my history back to June ;(
Go to purchase history, by default it shows only most recent 60 days. In the dropdown, select 2016 to show full year. Make sure to access ebay.com in desktop mode.
I can confirm that at least one of my gift cards was stolen — used for an $1500 in-store purchase at Best Buy (my card was $100). I’ve notified Best Buy and PayPal of the fraud.
CHECK YOUR GIFT CARDS.
Update: contacted PayPal, they seem predictably uninterested. Gave me blah blah over 180 days response. Their data was compromised, I don’t see why I should be made to suffer for that.
Heads up, I am finding a lot of my Bestbuy gift cards which had balances are now zero. The only one that was not touched was the one that a small balance left, lol. I double checked balances soon after I heard the news of Paypal perhaps getting compromised from DOC. I will be contacting PaypalDigital and have my fingers crossed.
I’m in Europe right now and don’t really want to access my gift cards that I haven’t used; but I have a lot of them at home and not really thrilled about this at all. I mean, it’s their fault if the codes can be accessed online. I just can’t believe it.
I was able to find a couple more cases linked to a different email by using another search engine: https://duckduckgo.com/?q=site%3Apaypal-gifts.com+“Here%27s+your+Gift+Card”&t=h_
Really scary.
This may explain the $400 in Staples egift cards I bought that got spent out from under me.
Glad this is coming to the surface.
Now I may have a better case for small claims court.
Holy crap.. Did anyone do this and look at this in bing.. it appears to be more than 13 cards..
Doing the same search he did on bing there are different results with more cards effected..
scary thing is, if simple engines found this purely accidently, what could a person actively trying to exploit this do..
The URLs use a really long hash that cannot be bruteforced. Doesn’t seem like an issue so long as the your URL is treated like a password and never shared
Your right i just rechecked.. i thought it was on bing, but i was wrong. Results were not live gift cards..
So, nevermind my previous comments.
Updated the post a bit to make this clearer