Comments
fwubglubbel t1_j52qowg wrote
Why the fuck does PayPal have anyone's SSN?
Larten_Crepsley90 t1_j52r8e3 wrote
They operate as a bank and offer credit.
blissfulsaltiness t1_j52t24j wrote
But they're not a bank! They just do everything that a bank does. Totally different which is why they don't require oversight like a bank. See?
RaveDigger t1_j52ucfh wrote
I made the mistake of taking payment for something using PayPal and I couldn't withdraw the money without giving them my SSN. Such fucking bullshit and now even worse that it's been leaked. This is why I didn't want to give you my SSN PayPal! Fuck you!
Fatboyneverchange t1_j52xm42 wrote
It will be just like Equifax, after the lawyers take half the settlement everyone will get a check for $10 in the mail.
Suspicious_Ram t1_j5326qt wrote
Just to make sure you understand, this is a credential stuffing breach. You would have had to use a shared password on PayPal and a different compromised site. If this does apply to you, you really need to think about changing all your passwords and make sure they’re unique per site or at least unique for each high level of risk site. IE banking, financial, isp/cellular, medical, email high risk. Social media medium. Forums low risk. Etc..
nisamun t1_j5329g3 wrote
What's really stupid is Synchrony is who runs PayPal credit now but PayPal gatekeeps who can use it. PayPal should not have anyone's SSN to use PayPal credit, Synchrony should only have it.
RaveDigger t1_j532ykm wrote
Ahhh, thank you for the explanation. I'm probably safe because I use bitwarden to auto generate complex and unique passwords for anything important. I honestly don't even know my PayPal password.
Either way fuck them for holding my money ransom.
Suspicious_Ram t1_j5337sj wrote
Yes, you’re safe then.
nyaaaa t1_j534pbl wrote
Not paypals fault that you reused your password.
Edit: credential stuffing attack means: The user used the same password for paypal as they have used elsewhere before.
Fatboyneverchange t1_j535tfg wrote
I don't use PayPal lol
[deleted] t1_j53gipd wrote
[deleted] t1_j53odmi wrote
LeftHandedGraffiti t1_j53wbpv wrote
Stop reusing passwords.
Hackers are constantly trying websites everywhere with username/password pairs stolen in breaches. Its programmatic, uses rotating proxies, and is hard to stop for most security/IT programs. If you reuse passwords, this will happen to you.
[deleted] t1_j53wcak wrote
Fucking how. Get ur shit together Paypal
jens-2420 t1_j53yhg4 wrote
Social Security numbers at PayPal? Really?
BlingyStratios t1_j547a07 wrote
Yup! I had to deal with this a couple years ago. I had to write a custom little thing to automate adding them to our firewalls from all our kibana logs.
They didn’t give a fuck, they’d cycle through hundreds and hundreds of IPs every day and management never let me block more then /32s. Went on for months…
Compducer t1_j54aew2 wrote
Phewwww thank god I never signed up for that shit
CrazyAlien51 t1_j552qld wrote
Deleting my shit today, these companies are grossly unsecured.
[deleted] t1_j563pjg wrote
[deleted]
LeftHandedGraffiti t1_j569p99 wrote
And by the time you've blocked them, they've moved onto other IPs. I worked at a company that took these attacks very seriously but never found a way to block them. We just watched and reset the account passwords to prevent the accounts from being used.
WhatThePancakes t1_j52h916 wrote
Oh, good, right when I signed up for the first time.