Comments


fwubglubbel t1_j52qowg wrote

Why the fuck does PayPal have anyone's SSN?

32

RaveDigger t1_j52ucfh wrote

I made the mistake of taking payment for something using PayPal and I couldn't withdraw the money without giving them my SSN. Such fucking bullshit and now even worse that it's been leaked. This is why I didn't want to give you my SSN PayPal! Fuck you!

16

Fatboyneverchange t1_j52xm42 wrote

It will be just like Equifax, after the lawyers take half the settlement everyone will get a check for $10 in the mail.

12

Suspicious_Ram t1_j5326qt wrote

Just to make sure you understand, this is a credential stuffing breach. You would have had to use a shared password on PayPal and a different compromised site. If this does apply to you, you really need to think about changing all your passwords and make sure they’re unique per site or at least unique for each high level of risk site. I.e. banking, financial, ISP/cellular, medical, email high risk. Social media medium. Forums low risk. Etc.

8

RaveDigger t1_j532ykm wrote

Ahhh, thank you for the explanation. I'm probably safe because I use Bitwarden to auto generate complex and unique passwords for anything important. I honestly don't even know my PayPal password.

Either way fuck them for holding my money ransom.

2

LeftHandedGraffiti t1_j53wbpv wrote

Stop reusing passwords.

Hackers are constantly trying websites everywhere with username/password pairs stolen in breaches. It's programmatic, uses rotating proxies, and is hard to stop for most security/IT programs. If you reuse passwords, this will happen to you.

7

[deleted] t1_j53wcak wrote

Fucking how. Get ur shit together PayPal

1

jens-2420 t1_j53yhg4 wrote

Social Security numbers at PayPal? Really?

3

BlingyStratios t1_j547a07 wrote

Yup! I had to deal with this a couple years ago. I had to write a custom little thing to automate adding them to our firewalls from all our Kibana logs.

They didn’t give a fuck, they’d cycle through hundreds and hundreds of IPs every day and management never let me block more than /32s. Went on for months…

2

CrazyAlien51 t1_j552qld wrote

Deleting my shit today, these companies are grossly unsecured.

2

LeftHandedGraffiti t1_j569p99 wrote

And by the time you've blocked them, they've moved onto other IPs. I worked at a company that took these attacks very seriously but never found a way to block them. We just watched and reset the account passwords to prevent the accounts from being used.

1
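
The response described in the last comments (watch the logins, then reset the affected accounts rather than chase rotating IPs), sketched as an added example that is not code from any commenter or from PayPal. The log format, the sample events and both thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample auth events: timestamp, source IP, username, outcome.
# IPs come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2023-01-19T10:00:01Z 203.0.113.10 alice FAIL
2023-01-19T10:00:02Z 203.0.113.10 bob FAIL
2023-01-19T10:00:03Z 203.0.113.10 carol OK
2023-01-19T10:00:04Z 203.0.113.10 dave FAIL
2023-01-19T10:00:05Z 203.0.113.44 erin FAIL
2023-01-19T10:00:06Z 203.0.113.44 frank FAIL
2023-01-19T10:00:07Z 203.0.113.44 grace FAIL
2023-01-19T10:00:08Z 203.0.113.44 heidi OK
2023-01-19T10:01:00Z 198.51.100.7 ivan FAIL
2023-01-19T10:01:09Z 198.51.100.7 ivan OK
2023-01-19T10:02:00Z 192.0.2.99 judy OK
2023-01-19T10:02:30Z 192.0.2.99 ken OK
2023-01-19T10:03:00Z 192.0.2.99 laura OK
"""

def parse(log_text):
    """Yield (ip, user, succeeded) for each whitespace-separated log line."""
    for line in log_text.strip().splitlines():
        _ts, ip, user, outcome = line.split()
        yield ip, user, outcome == "OK"

def accounts_to_reset(log_text, min_users=3, min_fail_ratio=0.6):
    """Return (suspect IPs, accounts that logged in successfully from them).

    An IP is suspect when it tried many distinct usernames and mostly failed.
    A mistyped password (one user) or a shared office NAT (many users, few
    failures) stays below one of the two thresholds.
    """
    users, attempts, failures = defaultdict(set), defaultdict(int), defaultdict(int)
    successes = defaultdict(set)
    for ip, user, ok in parse(log_text):
        users[ip].add(user)
        attempts[ip] += 1
        if ok:
            successes[ip].add(user)   # credentials that worked from this IP
        else:
            failures[ip] += 1
    suspect = {ip for ip in users
               if len(users[ip]) >= min_users
               and failures[ip] / attempts[ip] >= min_fail_ratio}
    resets = set().union(*(successes[ip] for ip in suspect))
    return sorted(suspect), sorted(resets)

if __name__ == "__main__":
    print(accounts_to_reset(SAMPLE_LOG))
```

The reset list, not the IP list, is the durable output: the source addresses will have changed by the time a block is in place, but a password that worked for the attacker stays compromised until it is reset.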