Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Security Communications Network Privacy Software Technology

PayPal Says 1.6 Million Customer Details Stolen In Breach At Canadian Subsidiary (bleepingcomputer.com) 24

New submitter Kargan shares a report from BleepingComputer: PayPal says that one of the companies it recently acquired suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6 million customers. The victim of the security breach is TIO Networks, a Canadian company that runs a network of over 60,000 utility and bills payment kiosks across North America. PayPal acquired TIO Networks this past July for $238 million in cash. PayPal reportedly suspended the operations of TIO's network on November 10th. "PayPal says the intruder(s) got access to the personal information of both TIO customers and customers of TIO billers," reports BleepingComputer. "The company did not reveal what type of information the attacker accessed, but since this is a payment system, attackers most likely obtained both personally-identifiable information (PII) and financial details." The company has started notifying customers and is offering free credit monitoring memberships.

PayPal Says 1.6 Million Customer Details Stolen In Breach At Canadian Subsidiary

Comments Filter:
  • Wonderful. They have my bank account numbers and transfer authorization. If they get owned, I'm gonna get fucked like a housecat. I think I'm going to have to switch Paypal's funding source to a pre-paid card or something. Just more hassle to *try* and keep them from wiping my main accounts. For a while I thought the guys who bought gold and stuffed it into a safe deposit box were crazy. Now it looks like I'm the one who is crazy for trusting any of this Rube-Goldberg machine of e-commerce and e-payments to
    • How would having your bank account number be an issue? It isn't a secret. Just close the account.
      • by Gr8Apes ( 679165 )
        Why would you ever give them access to your main account? This should be a miniscule account with the sole purpose of funding your paypal purchases.
        • by Mashiki ( 184564 )

          Why would you ever give them access to your main account? This should be a miniscule account with the sole purpose of funding your paypal purchases.

          Because in Canada, quite a few businesses allow you to pay with paypal directly from your business account similar to the way CoD chequeing used to work. Especially since you can set your account to escrow shipments/payments like that. Some people are quite happy to have their accounts setup that way because it's easier then running multiple accounts. Especially with the huge banking fees up here, you know like having $5k in a personal account is the requirement for 0 service fees? It's $40k in a busine

          • by Gr8Apes ( 679165 )
            Credit unions and the like are your friends, in these cases. I actually utilized an old account in a credit union completely separate from my main banking needs for Paypal. There's 0 possibilities for Paypal to tie into any significant amount of cash. Note that with a run rate of more than $1K a month on average, you should have at least 4-6K in the bank anyways for emergencies. So if you create a secondary account for Paypal, most banks will not charge you extra fees for that account, as long as it is not
        • This. I learned to do that the hard way, after someone in Toyko charged my account $500 for a hotel room 3 years ago.
          So now I have a separate checking account which I keep nearly empty; I have it tied to the bank account via a MAC card rather than the account routing number, that's much easier to cancel and change my bank told me. Then when I want to buy something with Paypal, I log into my bank, do a quick transfer of just the funds that I need, and then make the purchase.
          This way, scammers are going to

      • How would having your bank account number be an issue? It isn't a secret.

        It was never a secret. It is printed on your checks. Everyone you have ever transacted with could see it.

        Maybe we should fix our financial system so that it doesn't rely on the same information being both widely known and secret.

    • Is this confined to Canada or did it leak to other companies? 1.6Million sounds like a small number of accounts. But as we saw with Yahoo, breach reporting tends to be an underestimate.

      Paypal is my most dangerous account since it's hooked to live bank accounts so I use my best passwords for it.

      • Paypal is my most dangerous account since it's hooked to live bank accounts so I use my best passwords for it.

        This has nothing to do with your Paypal account.

        The leak occurred in a subsidiary company that processes utility payments in Canada.

      • by tlhIngan ( 30335 )

        Is this confined to Canada or did it leak to other companies? 1.6Million sounds like a small number of accounts. But as we saw with Yahoo, breach reporting tends to be an underestimate.

        Paypal is my most dangerous account since it's hooked to live bank accounts so I use my best passwords for it.

        Your Paypal account is safe. What happened was TIO Networks was breached. Paypal acquired TIO Networks in July of this year and discovered the breach.

        Paypal itself was not breached, and if Paypal wasn't acquiring the

  • by Archon ( 13753 ) on Monday December 04, 2017 @06:11PM (#55676065)

    We want companies to secure our data and face significant hardship when they fail.

  • by UPZ ( 947916 ) on Monday December 04, 2017 @06:22PM (#55676131)
    It seems that the breach was not of Paypal network but of TIO network which paypal acquired in July 2017 (and was probably in the process of integrating into it's own network). That's a little different than Paypal's own network getting breached, but technically TIO is now part of Paypal so the breach is technically Paypal's.
  • ... it's not. It's just a bullshit clickbait title. /. Is no better than BuzzFeed. Fucking garbage. For shame.
  • I don't use my bank account on Paypal (I'm not that stupid), only a credit card so if I see something wrong I can call and they'll take care of it.

panic: kernel trap (ignored)

Working...