Paypal Digital Gifts: Some Gift Card Codes Available By Google Search

Update: As readers point out in the comments, it looks like this is somewhat limited in that only a few gift cards appear. My counter is that these shouldn’t be appearing at all (at the very least they should be noindexed on google). The URL’s do use a secure hash as well.

Earlier we posted about an issue with Paypal Digital Gifts and the fact that a lot of people reported that their balances had been zero’d out. Reddit user mgoulart noticed that you can do a simple google search and both the e-mail address and gift card code will appear when you click the results. For example, here is a page I was able to access even though I didn’t purchase this gift card:

gift card

Now I’m not 100% sure that these are valid gift card codes (I didn’t want to try to use a code in case they are), or if this is some sort of test accounts or similar by Paypal Digital Gifts – but on the surface this doesn’t look good. For the time being I’d avoid making any purchases from Paypal Digital Gifts. It might also be possible that this breach is only affecting previously purchased gift cards. It would be good if Paypal would officially comment on this issue.

Subscribe
Notify of
guest

25 Comments
newest
oldest most voted

dan
dan (@guest_305533)
October 11, 2016 12:29

So here is my situation. I originally paid for me Best Buy gift cards with Ebay gift cards, and I received 8% in ebay bucks. So if ebay/paypal issues a refund will it be in “cash” to my paypal account? How does it affect Ebay bucks received? I would honestly prefer they reissue the Best Buy gift cards, because Ebay gift cards can’t be redeemed for third party gift cards after 10/13

Chuck
Editor
Chuck(@chucksithe)
October 11, 2016 13:42

You probably out of luck on this. Many are having this problem. Some got Paypal refunds, but most got card refunds. Not positive about the Bucks, but brace for the worst.

dan
dan (@guest_305427)
October 11, 2016 02:53

What;s going on with this? Pretty sure my Best Buy cards were stolen $800+

Chuck
Editor
Chuck(@chucksithe)
October 11, 2016 11:58

Lots of people had this problem. You need to contact PPDG via eBay and they’ll issue you a refund.

Greg
Greg (@guest_299663)
September 26, 2016 18:27

So, here’s a question I’m scared to ask. I sold $750 in BB GCs from PPDG to ABCGiftcards. If these get compromised, ABC GCs will come back to me as fraudulently using them even though I didn’t, and charge my card. I don’t see this ending well. Hopefully someone bought and used them immediately.

Tara
Tara (@guest_299208)
September 26, 2016 02:02

Just found out my $200 Sears giftcard that I bought in March was zero out, went to eBay and it was not even showing in my history, what can I do now? Please help!

Chuck
Editor
Chuck(@chucksithe)
September 26, 2016 12:47

That wouldn’t make sense. All history should show in your eBay history. Maybe you bought it from PPDG direct, without eBay?

Tara
Tara (@guest_300164)
September 27, 2016 22:59

Maybe I don’t know where to find it, lost my laptop during flood a month ago so only have my phone with me and both the eBay app and website are only showing my history back to June ;(

K
K (@guest_323056)
December 4, 2016 17:59

Go to purchase history, by default it shows only most recent 60 days. In the dropdown, select 2016 to show full year. Make sure to access ebay.com in desktop mode.

Daniel
Daniel (@guest_298680)
September 24, 2016 17:56

I can confirm that at least one of my gift cards was stolen — used for an $1500 in-store purchase at Best Buy (my card was $100). I’ve notified Best Buy and PayPal of the fraud.

CHECK YOUR GIFT CARDS.

Daniel
Daniel (@guest_301712)
September 30, 2016 10:46

Update: contacted PayPal, they seem predictably uninterested. Gave me blah blah over 180 days response. Their data was compromised, I don’t see why I should be made to suffer for that.

Couches
Couches (@guest_298485)
September 23, 2016 21:09

Heads up, I am finding a lot of my Bestbuy gift cards which had balances are now zero. The only one that was not touched was the one that a small balance left, lol. I double checked balances soon after I heard the news of Paypal perhaps getting compromised from DOC. I will be contacting PaypalDigital and have my fingers crossed.

farsighted99
farsighted99 (@guest_292909)
September 8, 2016 12:36

I’m in Europe right now and don’t really want to access my gift cards that I haven’t used; but I have a lot of them at home and not really thrilled about this at all. I mean, it’s their fault if the codes can be accessed online. I just can’t believe it.

Roman
Roman (@guest_292190)
September 6, 2016 10:00

I was able to find a couple more cases linked to a different email by using another search engine: https://duckduckgo.com/?q=site%3Apaypal-gifts.com+“Here%27s+your+Gift+Card”&t=h_

Really scary.

Slow Roller
Slow Roller (@guest_292093)
September 6, 2016 00:01

This may explain the $400 in Staples egift cards I bought that got spent out from under me.
Glad this is coming to the surface.
Now I may have a better case for small claims court.

SteveX
SteveX (@guest_292082)
September 5, 2016 23:34

Holy crap.. Did anyone do this and look at this in bing.. it appears to be more than 13 cards..

SteveX
SteveX (@guest_292083)
September 5, 2016 23:39

Doing the same search he did on bing there are different results with more cards effected..

scary thing is, if simple engines found this purely accidently, what could a person actively trying to exploit this do..

Dan
Dan (@guest_292087)
September 5, 2016 23:47

The URLs use a really long hash that cannot be bruteforced. Doesn’t seem like an issue so long as the your URL is treated like a password and never shared

SteveX
SteveX (@guest_292089)
September 5, 2016 23:51

Your right i just rechecked.. i thought it was on bing, but i was wrong. Results were not live gift cards..

So, nevermind my previous comments.