# WARNING: Paypal Security Breach



## Grandcheapskate (Jan 5, 2006)

I have discovered a security breach in Paypal which is allowing eBay to gain access to your Paypal account information including allowing eBay to access your Paypal account and transfer money without you ever signing on to Paypal. It is also allowing eBay to display your bank name, credit card name and the last four digits of both numbers…which means eBay has acquired both your bank account information and credit card information from Paypal without your consent.

I am currently awaiting a return call from Paypal. A high level issue has been opened in Paypal to determine how and why eBay has gotten this information.

eBay has gone to a new checkout system and according to the rep I spoke with at eBay, Paypal has given eBay the authority to access your Paypal account without the need for you to supply either your Paypal ID or password. This means anyone who may gain access to your eBay account has, by default, full access to your Paypal account (and therefore your credit cards and bank account). While they may not be able to withdraw money, gaining access to your eBay account means they could make eBay purchases and pay for them with your Paypal account.

While I wait for a return call from Paypal, I am again going to speak with eBay and find out how they gained access to information which is supposed to be help solely in the custody of Paypal.

Thanks…Joe


----------



## Dyno Dom (May 26, 2007)

Thanks for info Joe, :thumbsup: Please keep us updated!


----------



## TUFFONE (Dec 21, 2004)

There are two Paypal options for your Ebay account. You can allow automatic access from your Paypal account from your Ebay account so you don't have to sign in to Paypal to complete your purchase. My Ebay account is set up so I have to sign in to Paypal with my password for each transaction. I believe that this is an option for everyone and can be set up either way. The first option is not really a security breach as much as it is a convenience option. That is the way I understand the options.


----------



## 60chevyjim (Feb 21, 2008)

if you have windows 10 that is a big problem with it too.


----------



## alpink (Aug 22, 2010)

jim, there are featyures of 10 you can turn off to prevent that. please, don't ask me how


----------



## Grandcheapskate (Jan 5, 2006)

Let me issue an update and further clarification.

I called eBay trying to determine where and how they gained access to my Paypal information. The rep kept telling me about their new checkout system and how I (somehow) checked a box which allowed eBay to now withdraw money from my Paypal account without the need for me to sign onto Paypal. She led me to the option where (supposedly) this “automatic payment” option is active and there is a “remove” option.

I never activated this option (unless it is some checkbox located somewhere on some screen and defaults to activating this feature).

But the point here is this…(1) when/how did this get activate and (2) how did eBay get information which only Paypal should have?

Linking an eBay account and your Paypal account should not, and cannot, grant eBay unencumbered access to your Paypal account. The Paypal password is there for a reason and this just nullifies it. As far as I am concerned, my security has been violated because now information which only Paypal should have is in the hands of eBay. How many other merchants will Paypal allow this type of access?

In my conversation with the Paypal rep, he confirmed no access can be gained to your Paypal account without the need to sign on and supply a password. Somehow eBay is bypassing this requirement. This leads to only two conclusions:

1. eBay has captured the data traffic between me and Paypal and stored that information
2. Pyapal freely gave out confidential information to a merchant.

Both of the above are illegal. I will need to contact both parties again tomorrow, along with whatever agency oversees Paypal. As far as I am concerned, both my bank account and credit card have been compromised and both eBay and Paypal are liable.

Thanks…Joe


----------



## alpink (Aug 22, 2010)

joe, you never OK those "improvements". they become part of the Terms Of Service and YOU have to look for where to dissallow it. that is the way eBay operates. at least since i have been a member


----------



## alpink (Aug 22, 2010)

and, yes, that is how it works, the box is automatically(default) set to agree. and YOU have to find it and uncheck it.
they pay huge taxes and have favor with the courts.
sue if you like, but they will get delays untill you die. and you will spenc all your money on a lawyer that can do nothing.
sorry, i agree with you on the basics, but I keep saying the serenity prayer to help me through that.

have you bought any 4 lam arms yet? ruh roh
LOL


----------



## Grandcheapskate (Jan 5, 2006)

alpink said:


> and, yes, that is how it works, the box is automatically(default) set to agree. and YOU have to find it and uncheck it.
> they pay huge taxes and have favor with the courts.
> sue if you like, but they will get delays untill you die. and you will spenc all your money on a lawyer that can do nothing.
> sorry, i agree with you on the basics, but I keep saying the serenity prayer to help me through that.


The basic question remains...how did eBay get information which is supposed to be kept private and protected by Paypal?


----------



## alpink (Aug 22, 2010)

they used to own PayPal and had the right to that information at that time.
change your passwords regularly


----------



## alpink (Aug 22, 2010)

Joe, also, if you clear your cache on your computer daily and reboot, then some of the aout features of your computer will be "washed" and some of the sign ins will be necessary.
i have seen the page that pops up from eBayl requesting that I approve automatic sign-in to PayPal. but it resets everytime I either reboot or clear my cache.
these are the simple things we all need to learn to help protect our sanity and IDs


----------



## alpink (Aug 22, 2010)

and, I am currently reveiwing an email from PayPal that came about 7:30 pm eastern on November 18 2015 completely describing the feature.
it does not appear to be a conspiracy and PayPal is suggesting that I allow many vendors this same privilege for up to six months by clicking the agreement box.
something to give serious consideration to before deciding


----------



## 60chevyjim (Feb 21, 2008)

Grandcheapskate said:


> The basic question remains...how did eBay get information which is supposed to be kept private and protected by Paypal?


do you have windows 10 ?
if so get rid of it ,
I just got rid of windows 10 on my computer tonight.
now many problems are gone..


----------



## slotcardan (Jun 9, 2012)

.........


----------



## Grandcheapskate (Jan 5, 2006)

HI Guys,
I am running Widows 7 with auto updates turned off on both Windows and Firefox (I look to update Firefox about once a week). I have cleared all cache/cookies and even rebooted, but the situation has not changed.

The eBay side is confirming this is part of their new checkout system. The Paypal rep is telling me no one has the authority to do what eBay is doing (accessing Paypal without the user signing on).

Both companies promised me a call back last night. Neither did. I will be calling Paypal today to follow up on the problem ticket.

Bottom line...eBay has information which is supposed to be kept private by Paypal. How it got that information is the question. If Paypal is handing out that information, I am sure it is violating federal security rules.

Do with the information I've provided as you see fit.

Joe


----------



## slotcarman12078 (Oct 3, 2008)

When Ebay does a terms of service update, you have to read what it encompasses every time. They slipped that international shipping/forwarding service agreement in with one. Funny how the change is instantaneous, but to revert back takes days and requires you to find the option in your settings to fix it. I wouldn't be shocked if they've tried to make auto pay (without logging in) the default set up too. I doubt you chose to do it...


----------



## SUNGOD (Jan 20, 2006)

Paypal supposedly split from Ebay recently but I wonder if they really did. Ebay used to own them so I'm not surprised at this.


----------



## Tuxedo (Dec 14, 2011)

SUNGOD said:


> Paypal supposedly split from Ebay recently but I wonder if they really did. Ebay used to own them so I'm not surprised at this.


I doubt they did. Pay Pal "held my funds" on every damn eBay sale I made. Sometimes up to three weeks and then when"payday" would finally arrive they would move it ahead another week or two. I finally started calling them on every sale and said whats up? I mean your holding money on an item they have already received and left good feedback for ! 
The excuse I got was that I was a new seller! How did they know if I was new or not unless eBay still owns them?


----------



## slotking (May 27, 2008)

> I am running Widows 7 with auto updates turned off on both Windows and Firefox (I look to update Firefox about once a week). I have cleared all cache/cookies and even rebooted, but the situation has not changed.


I am a long term firefox bigot!!
I have been using since the beginning. I finally switched over to chrome.
it is more secure and the lag and other issues I started to get with firefox are gone.

I know working better because the wife is happier with the steaming on her PC


----------



## alpink (Aug 22, 2010)

" .....steaming on her PC" ...
LOL I can read typonese with the best of them
LOL

I too switched from firefox to chrome...
and I used to try to convince everyone to use firefox.
for awhile it was head and shoulders above other browsers, but not for long.


----------



## Grandcheapskate (Jan 5, 2006)

It's now been about 5 days since the problem ticket was opened asking how eBay got my financial data. Still no resolution from Paypal.

If this was the way it was supposed to work, Paypal would have told me already. Since Paypal and eBay are now separate companies, eBay should have no access to Paypal data. For every merchant which gets private Paypal data, that is just one more avenue to a potential hack of your Paypal and/or bank/credit card account.

Joe


----------



## slotcardan (Jun 9, 2012)

........


----------



## Grandcheapskate (Jan 5, 2006)

slotcardan said:


> just a heads up....
> Amazon about to announce a major customer information hack.... change your amazon password, ASAP!


This is a reason I find it so disturbing eBay can get to Paypal. Last time eBay was hacked they sat on the info for quite a while before letting everyone know they needed to change their password. While it might be bad enough to unravel the damage someone may do by bidding on items you don't want, regaining money pulled from Paypal would be a nightmare and I'm sure would not happen overnight.

Joe


----------



## SUNGOD (Jan 20, 2006)

Tuxedo said:


> I doubt they did. Pay Pal "held my funds" on every damn eBay sale I made. Sometimes up to three weeks and then when"payday" would finally arrive they would move it ahead another week or two. I finally started calling them on every sale and said whats up? I mean your holding money on an item they have already received and left good feedback for !
> The excuse I got was that I was a new seller! How did they know if I was new or not unless eBay still owns them?




Exactly. Are they really separate one wonders.....or is there some advantage of saying they're separate when they're not.


----------



## Tuxedo (Dec 14, 2011)

SUNGOD said:


> Exactly. Are they really separate one wonders.....or is there some advantage of saying they're separate when they're not.


When I asked them how they knew I was a "New Seller". They man asked me what I meant. ( It should have been obvious but I spelled it out for him)
I said I have been with Pay Pal for years. I've never sold ANYTHING on Pay Pal and his response was well..on eBay you are and again I asked him How do you know that? His response was that they "knew"


----------



## alpink (Aug 22, 2010)

playing devils advocate.
just for some understanding here.....


PayPal and eBay were together for soem time.
they were under the eBay banner, much as Jeep is under the Dodge(Chrysler) banner.
if jeep were (not likely) to be sold off, they would not be required to give up the proprietary information they gained by having been part of the corporation.

such is the case with eBay and PayPal.

since eBay once owned (and I am not going to entertain whether or not they still do) PayPal, they shared all each others information, completetly legal.
they are NOT required to delete information they gained while being a legal commercial entity.
at some point, while still belonging to the same commercial venture, there was (and probably still is) a choice about allowing direct billing, for various purposes, between the two companies (probably actually corporations).

as I AND SOMEONE ELSE pointed out, frequently when the Terms Of Service (TOS) are changed on either site, those changes include inclusion in specific agreement to those terms automatically.
more often than not, some sort of communication takes place to the mundane members, like myself, that those gahnces have been effected and that one can opt out if one likes.
most of the time said changes are for the convenience and profitability of eBay and/or PayPal.
occasionally they work out for us as well.
I frequently investigate all of the inclusions on both sites within my member account to make sure that they are what I prefer.

I suggest every one do that, and change passwords frequently.


----------



## Bubba 123 (Sep 10, 2010)

SUNGOD said:


> Exactly. Are they really separate one wonders.....or is there some advantage of saying they're separate when they're not.


being "Separate-Entities".. saves one from the other in lawsuits, ect...
like "LLC" do..


Bubba 123:wave:


----------



## SUNGOD (Jan 20, 2006)

Bubba 123 said:


> being "Separate-Entities".. saves one from the other in lawsuits, ect...
> like "LLC" do..
> 
> 
> Bubba 123:wave:





That's a very interesting point.


----------



## SCJ (Jul 15, 1999)

*Removing Auto Pay*

I believe this will remove the auto pay "feature" ebay slipped in. :thumbsup:



Removing payment information from your account

To remove your payment method information:

1.Go to My eBay.
2.Click the Account tab and then click the Personal Information link on the left.
3.In the Financial Information section, find the payment method you'd like to remove and click the Remove link on the right.


You may still accrue fees for any listings you have on the site, as well as monthly fees if you have any active subscriptions such as eBay Stores. Make sure you cancel any subscriptions if you want to close your account.

If you have an outstanding balance, you'll need to make a onetime payment before you can remove your payment information.



------------------------------
www.SlotCarJohnnies.com


----------



## Grandcheapskate (Jan 5, 2006)

Just a little update for those who care.

It looks like the way to turn on eBay's "streamlined checkout" is a small checkbox which appears when you are signing onto Paypal during a purchase. Turning on this feature apparently allows eBay to access your Paypal account without the need for you to sign onto Paypal for any future eBay purchases...not just in this session, but forever. I am still not sure of the procedure to turn this feature off once activated, but I know it is done from inside your eBay account settings. An eBay rep walked me through the process and I do not remember all the steps.

This feature is not the same as linking your eBay and Paypal accounts, although it's possible that if you link the accounts, this feature gets turned on. I never activated this feature so how it got activated is still a mystery.

How do you know if it's activated? When you get to the eBay checkout screen, does the Paypal payment option already show your credit card and bank info? If so, streamlined checkout is active. The financial info should not show up until you sign into Paypal. 

So, here's where I am at in trying to get an answer from Paypal. My initial problem ticket is still open on the Paypal side for over a month. Paypal still insists on two things:

1. There is no way to get access to your Paypal account without an explicit signon.
2. Paypal does not release financial information to anyone...and that includes eBay.

I also made them aware of the fact eBay does not sign you off Paypal even after you sign off eBay...the rep agreed this is a serious security flaw. It is obvious eBay is accessing Paypal different from every other vendor.

Obviously, if eBay is doing something of which Paypal is aware, I would have had an answer to my problem ticket. The fact Paypal cannot answer how/why eBay is violating their policies, and how eBay is getting private Paypal information and bypassing a Paypal signon, is an indication something is wrong.

The Paypal help desk keeps declaring eBay should not have Paypal financial information. Therefore, in my mind eBay is illegally storing Paypal financial information on ther site. Basically, unlike every other merchant, eBay is capturing your initial Paypal signon and storing that info (maybe even if you do not use the streamlined checkout). As I explained to the Paypal rep, once your financial data gets outside the Paypal door, Paypal can no longer control access to that information. So your financial information is now at risk not just from a hack of Paypal, but eBay as well.

Imagine two scenerios. The first is when eBay cannot get to your Paypal account without your exlicit signon, and the other is when eBay can get to Paypal without your signon. In both scenerios, assume someone has hacked your eBay account and bid/bought dozens of items.

In scenerio #1 where eBay cannot get to Paypal without a signon, those items remain unpaid and unshipped until payment is made. Therefore you can catch the problem and resolve it before anything is paid and shipped.

In scenerio #2, the hacker can do real damage by paying for the items without knowing your Paypal ID or password. Now you have two major problems. Before you realize what has happened, payment has already been taken from your Paypal account and the items have shipped (maybe to your address and maybe not). To resolve this issue would then require you to return all the items (assuming the seller will take them back) and then try to recover your Paypal payment. It would be a nightmare and take weeks to clear up.

Joe


----------



## alpink (Aug 22, 2010)

Joe, thank you for that informational update.
to make it clear to you about how YOU got linked in.

that check box you speak of in the payment window ....
" It looks like the way to turn on eBay's "streamlined checkout" is a small checkbox which appears when you are signing onto Paypal during a purchase."
....is checked automatically every time you use PayPal and YOU have to UNCHECK it.

alas, this is the way of the world
caveat emptor


----------



## Grandcheapskate (Jan 5, 2006)

alpink said:


> Joe, thank you for that informational update.
> to make it clear to you about how YOU got linked in.
> 
> that check box you speak of in the payment window ....
> ...


Actually, the box was unchecked (by default) on my most recent eBay purchase.

I'm guessing every site but eBay actually transfers you to the Paypal site (your address window would be www.paypal.xxx) in order to access your Paypal account. Until I purchase something else I cannot be sure, but I believe eBay does not transfer you to the Paypal site (you stay on the eBay site) so eBay sees both your Paypal user ID and password before passing them to Paypal. And if they see it, they can store it....whether you give them permission or not.

Joe


----------



## Pomfish (Oct 25, 2003)

*Your choice*



Grandcheapskate said:


> Actually, the box was unchecked (by default) on my most recent eBay purchase.
> 
> I'm guessing every site but eBay actually transfers you to the Paypal site (your address window would be www.paypal.xxx) in order to access your Paypal account. Until I purchase something else I cannot be sure, but I believe eBay does not transfer you to the Paypal site (you stay on the eBay site) so eBay sees both your Paypal user ID and password before passing them to Paypal. And if they see it, they can store it....whether you give them permission or not.
> 
> Joe


Joe,

I am failing to see the surprise here.
They were the same company for like 10 years, you think they "forgot" the information you willingly shared with them during this time?

Bottom line is this, it isn't your credit card, it is Mastercard/Visa/Discover etc. card.
This is a good thing, because it is their problem, not yours, when it gets scammed.

Use a bank account that is only for ebay/paypal with a separate bank other than the one you use for normal banking and use a credit card just for these purchases with a limit you are comfortable with. 
Limits can be lowered just as easy as they can be raised.
You have the power to control what you put out there, but is onto you to set it up to Your liking, not the default setting.
Nothing to lose sleep over. 

HTH
Keith


----------

