Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


PayPal E-Mail Leak Brings Phishing Worries



 By: Ryan Naraine
2005-01-24
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
A security breach at a third-party company leaves PayPal e-mail addresses exposed on the Internet.

Electronic payment provider PayPal Inc. on Monday confirmed that a security breach at a partner site left an unknown number of e-mail addresses exposed on the Internet.

The eBay-owned company, which has been a major target for phishing attacks, said the security breach occurred at Benchmark Portal, a third-party company that handles customer-survey e-mails and exposed a "limited number of user e-mail addresses."

Word of the data leakage first surfaced on security message boards over the weekend and pointed to an apparent bug in the software used to manage "unsubscribe" requests from PayPal users.

eWEEK.com was able to verify that certain readily available URLs could be manually manipulated to show e-mail addresses of PayPal users who recently unsubscribed from customer-service surveys.

Resource Library:

PayPal spokeswoman Sara Bettencourt said the breach had been fixed and insisted that only a small number of users were affected. However, security experts say a malicious person with the most basic scripting tool could have exploited the bug to hijack a large list of legitimate PayPal e-mail addresses.

E-mail addresses are used to handle PayPals log-in process.

"Were working directly with those users whose e-mail addresses were exposed. Were informing them of the situation and warning them they may receive deceptive e-mails. Were encouraging them to contact us if they receive deceptive e-mails," PayPals Bettencourt said.

She said the breach did not leak any information beyond e-mail addresses. "We use high levels of encryption on our own secure servers. Passwords are never accessible to any third party."

Click here to read about PayPals apology for a spate of sporadic outages.

Jon Anton, a spokesman for Benchmark Portal, confirmed that the data leak was the result of a "malicious hacking attack" and confirmed PayPals assertion that it involved a very small number of e-mail addresses.

"We only have e-mail addresses to do customer surveys. This did not involve any personal information, passwords, credit card information or bank information," Anton told eWEEK.com.

He said the company was alerted to the breach late Saturday evening and was able to address it by Sunday.

"This was a malicious hacking attack. Someone broke into our process and was able to grab a very small number of e-mail addresses. We spotted it very early because we noticed an unusually large number of unsubscribes coming in," Anton added.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: PayPal E-Mail Leak Brings Phishing Worries
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}v6EvK9%5,nOgwEBc䐔Jv^}}ƭ.KM-R UBPItur&skjޢ>7|d?Xf8TEK\ߤ~Am;t =4mMzNHB~}@~cf*D!H/ԞTa@]2dֵk6!oekOh cߨ_X``1\|Tl@!j:iݓ \ش^$1qLh] ]|( Ѽ$pm ؗcY͢aE3l˸+:4 DS#('aH9<:q~Ucm9.eW4ُwF}KjuW a|pdvu]+iG0M;yԸ} ? ?VbO"Z.JT:(¤Ԙ:b= u P紋T獒AF)ډVR\j'FZV@`F%pbQU>gSKjоd>8ϑ|$9ĠVPAbˠWk֟1e`=o>_rvZ>9ݐVsGR}Bg#jBcYqjʿ pOy$~:=`kh`cRV>H ߵzg/m2 )H|[:֠Eq1^CJ ݖUL_*D_G)L,Y`M`Ih6M2X~`]NЎ3ߜo4C+D_HP'X][P3Z$23}X MH5Ŧ]`)edNS4/\PeP샖_΢[1jNTwYQc'ax'AGAtiš4.P7hC:ҋ;L 'pbHۋrX¤$֌^I$>6ZЉ\? VCfB랂:׿ښA"(Qޚґ4мa yj 8=*~s`= {`5#떭,T<ħܠ~C s\(LޟD-2)%%E2 DEMi@$P!$-4Nar..lb?Q~=zZ>Lk2['5\xB#ҝC\Z>D=7Y ˇ}T[h+\KJAfkf(2{7 cfBd '&Xr`Y \+)l13OD)sf@amx:#7T4 ?y`OEڏa==%ӇnS?ԝQԽƠ;BZSMs\| ~r-ʭE֊eSG{_Fo6y2KmKg@y# l+ ZԵ> E$$"Yu`}.eOKLīdv-~:pR1Wl(`R55) Ka 5E&kX&`ܱ *PWS~8+0P!^GWvP=]|![[!E \}G) zS7HpТ0UM2 agThjMMaf0 0q tڰ~l/<\қC^i G,[Qz{%0ɉZ*aA1[6T,{ }ݛļZF_a &_Q?{2le,@ArǮmAu؊; 4=mZjt-g \\jpn ZLpsgAqA0,L\y.t 2qÍa'1 D&R*ö13wdjoFGםT&j/A%Eh!C5a 1'8o'<|!CXM~"}ilmA> \RXt> J+$X[T:4f6W߁:lx"Bsͧ}=1c* *`BG@dUkR`ZEUՓCZfGU`s<(yO=b1xԀ1h_₯/83Yoÿο(GCzKp`>3@W.|O>yO ,{'ЌȐZNZ OʌGJ?#4B~QYpUP85f! S#i3H%kSs?@ŵQ6GécuMafFž,JVRk{iyAqV܇v1"xኣ5TӝJMt8&ڳjJ ~vsT|x9kZ%qf+F`Y5=>[CҐ,,Ͻ"ٍ?~ELog;7םAtȴh(< 6|o *RWo餙DԨ/yUM+Ff2P9ڇFQ8=[?9(,S?r׎5P86 ,Bw)lܓ[_+?K} [L4@v1-P=L̝-udGh9)2<(ёvTZ`U>ǐ^b¹ZNR2s2=z*eR)Yi =cxe>uGcOg:<*C)ϣDʜi_@ڨO( ] 8ỸĤX[Lq'CU"[1dy lSJ_řZ{RS+'F) "U!7T>y_7)~(\{C>m AB>tQTn Uj \Z%/&hav%[fm͕pZ=?gD~uBy`eK9ܧp"@vG\YJl] Bq` e =Qhl^m@f^fFs4*nҖi": 5eV U)wՎT :&iZIRk“0Ӂ:tw@&~<ڊtģ'h2)fn&)33׍.[^HpOs̡n3N |$U5l[-W+ofc"]4a!0RS"y(_t2JEWʠˤ Z8`] fs+ѕ^3y0v 0׽4.Xš?KVǤ|B`SǛާ6?hClYj2}a'A.dhd]1~ܮ^boVtFiApy+ s?@*p͛+%e;!uoлw9!xP!5/;Y G}9l7o OM1&03hĜ@⑩G!g`B6 T:M}É\9ki*D|=t_5果gDܰXT d0Svޚc$ Z`!7ސPZ (ʉ=`` ɈV} α@B@npkz!NU 㯈e,e$+e32Mg&' "&9/Uщ܎<^ YVRT t61џ.W` eڃϟż.Vzۨ':IINN|ls_Blb'hew&Bzc`|x[r)fpgx kDaWEQ=*вoGGUnf}z@:Q-gF?KظN*2b(9l_녿Aݾnae!̱r0nwf ~{OjК3}A&֢nL 8V=' 9 Ϟ1+6q=tpv#({A\AzFTrk]O}V7]Yt\J-Dӝ閃CL# Hrо!ͫ/  +}F;}gwO;}T2}2KO$hשּ~QϜN{},da}I/FisP/ZKiɘ&BARTUho$jY9sJU_V {d,.E'Qd17.(P2PtIK rs`̾qGwLbR8ߟ@X} ~W*];PH=x(TR,,rDqDx/ɩ$9n.2&Y:%:#ڮ/=اi\dbS;Oف 1u'Ld@.mv!t1t`aAXŀ0V Hp@ qcx2^HC%ˎwVp. v_!O#%JJ ,^`mZ9_Ц ŵ^`ZǴ _p8|+؊wf/'Ɏ?e{kA1v̙[ʈ1௵; K%/ !MsPg=n"7(S/ F[[V}:lQOo -~ Й.Ͷ.C^>/#Bڰ7L4]OtGsϪ.O_ugOqJ#x -yx{L?]:Ƙ$ ~rWp|[.Ig 4/- ƔZfxmN[+6v 쥅ؙ#+m5 ே*1(sOķH#0f?7 tF_mcP?ԭKCDNh %ha`J ](@(?K>dze K&{txܔ' /vz'esAHxt|+\0?>TK ̏QFr'vR1 kyMY̖Q|>HwDkB{.Fet:񜅣E,b,b?ڌ =jDŽFcN.,qraBdHJt;BH}Gjy(RT\*Բ*@dx=CD} <ҷC]ϙ$4em?vzc197ޡȕTURާW^\HT_HZc`SOXS\=lY rȉ9&pHC"KA툅;k")UInKL'.eS'S*mkn]6AX!'$  ۢa`Q7v5U%N-585 N;tSJ`$˺Lw$fF#ft- D5I9ڶQ~-E'6|%$7h> sߴocpI WiP\I"z"i<2J1-EV^"?A$Ǡ+- OO$FD 7ݹ  "`0ǤHmG~!)[kH՗vGbD[$z ;| (XMSǛ@؜+)T$-)ԞN ZZsř| v7{!1@LQ<.Nce0/JN1C 8zZ2ǾH[|I.~vƌĬgLH<8金k|gTĞhͳs+f[{SjB0#釄osK }yr!" >Oa"ͤz65'TcٳЕԓ1xFuo iMs=0 pr Rڞy4`'.;꬈$5AJ\P:P:ZĖxAlčI#HX,h@C> n#8:/ qK1;XpdGmQS|7FSe2 a@UkeD7 `F1"vF@c*[JH$nK MaBd΀}s"3>1=jb:]3`i 8#x{S+*DQ{;uq< A'Wd&m~gq+@wFGyr Px,&,*ܳ'`Zp*R ϖ/ES< tCxK\Aś}D4#}y6;M/5ۖpc|mq0˻6۬wHvj}clJj~жޟ`+mն,-1{L +mƑ}:sJy,$++5vUel؆_߲MFTce։ A)V(N})1g5 kkșݴq@=|>8^AOу \/=gLܻNwՂ샋^_VBSɯ[@E@jr2i zxn j=-D7߀\}A2UBS QowsPw“oTXT#y|Ljcq@)m-C=b$y҈0)<?yx8<(F]{N9-8~=WxulC~[RGJ da"(cqQ" hX4}Lbů}Dr%# e9L eܕŤA҂BA5Rhsܴ5ԈGbv ]mz^C-B;7=US]^q=o7/ݛCWnVt"ůcܐӑo1E>eL`mܤ^:H}@"Z[l3,´I*d H 7xz --|VV_λE=4gM{3'4UP}jAƄ'* cBn4rք/s4T_dHF=yԱ8mȝGF^.kZ%3 4]h Pч-wxfHF<<}Q,턂r)Ae'^!s@>[~{Q@''+cՒm5ݵX-,"u1!dy('$r|ޝj_${JZtl'*nUZ \ f' Wcdȇ=T|>~*_$u'ZAkj 8ҡ;q~,uⱭMÐō! 7ѻdk¨`*ą)aldTV~z;jLJ/tX0+b=-#f|${ṳǟa426$ǻnXV{+$μOٴC a]qYEc `0=I}n\m=ohaG_sCۑ?S0L}AGl;5g>akH*..+ra 3|)xtT$l00?\!O#.7,x[:LZP4pBzr08sC~b #:́ nZ҂F$<"m o}n[քaArx[ xl3h:))Ĵc>CTD:%,ǰ&#bd!vwφRǠ[\36Fnŷ~(l8*~vxc>wlHß%RK)'(cWEd@jPhP؟Se O-)Qw3a/3N]<7֙E)?>NOe~t6&>2g)un9r:W@Lg>򳉑t99̣2uts\fJԎn$@<P4'<*%ʅhgFg"'&B Ȉ@`!dBc JM*(%Rk _3◱IǪZN*w'02#d͊G2qJV J{AzA d.e{?J=5$s7ͱh^__~!$76:ta[kM|폺SwN{/g/睫Mj11@z;g6/MƋBry2 Wn)sS9ӿԙpi.$ /"cɃw]f;</ӝœ0? .(E_CĸЫci7[vc+)t_?+gw:^?[9s!65B9Z[G~5}V0.8S~}6 vԼV(ۼr ɿgMfN~{9H-Ag?9 NqٜiVN>?tr/4~//e|Xݜ9n|o7]O7?]7g]n}v>9s_Կɡ>3>3 l)>C|}}---m:IY gk8=!9/9Rȫ_~ˇ-yNȳ9;F/^+sTh=g_?+/I>\Js}kBR; +]q-=ܾQqLڭfM9nP+G{2Ti k{#8xE“B*gٔ}06Ffm=AF2h?+))sOƺύh.Gsu=nνRMmhӉ{Z=Ě>/Yy* u!ȁ>أAD6KA1_w9է}߫ẽhĿ/NÙGٞ>轉rcv#Vćax&`?3/m-ph;>O{w8ƚ <0 L\ivSZCi3q*7íEy28 ZqFXg~Mg~Urxf|V/O*8y:RM7 ߼(R+tCc̝~(NBhعjzG|fpOopޣ17pM\wn B:)xT9ԴC J\NݓJnk7jz@ xITMVYi2ZE9*V&Kˤ h[a2oVS ya8n[z"z%^>AO'>9u|gJM+c<>V7/Z ~*^v&i8x qS7s,5{sE@΃s,;7:L:Aņ/j/ib+F=}p)\g;=2qgj-O,N~f+gMě>o 4QA{TDr(9T(YF Ltu/J \˪=w\EG>DBe˦]& =í'`XC-k'lyjb+uԿcrف:<&%'Df#b#+ܽ0r;AWOA%#Vh t8)-HFI 3[/nܸƻKW/Iv͘了mvKzRoT˹,HK_CShkUx3f$P&VT"E:׌dԦuP#vIߵSn ns}# / f\gHQ.x1(1r^qzF߭Uh#MXB㙸z򼮉D Y8[T"?K+zlB% 9م74Z.}oe@DN_Dz~{0VT6p|!$[gArD~{F}&*P=eZ:= n,8^ {ik3G}k[VeلݡK_!8F1^d ? G=~5)H%Wb1G$]t ""_Rah.y>ⶁE"_S6LңxAu;C 9][c纖9cbZ)qGFdۧ75Z@<K2C34 >w^ة;qV' I<>&rx{GkO>$(+u`'+~*3v[ś,!Mt4/o9kn>ʷq$Txÿʍtf/Astk 6[ '"ۂu Jmì>sW¹">UXJٍR h,8/ ln;v]r*c<[^Eҵ<ok5+~`[t-(%x0{nGLy(| _a[P~OY JbA<\2;>%i3$· @ } of4,/{QFbfC#q앢uDƃnߡCZ^Hs F  {~w1Ǹ 02cxzWY?׭-li12#, $$zIW6{{&7&iycCv_.~ph;?ˆYA wvǰ-XD!Ƨ۹ ?OЧUHF> T.v9Ͻn,]2H"<-3[8S>GG .V F`yej  ؞տHR#y!A C1Xqk @{kۄy6L= &j4b~0y-BL+6 IQE6;|,݈bZ"NDJ i)9=9.*BH6c?rCft*$@˭]Ag"a?#ah\#gyb3S2w$Y?w @ Ogq|>&:E(+ Vt*n`X{Ek\({W\~9.3M@+`.g'I~vTQ*sc{jZ~ [)#Uk̹D/5V_JCL7WЧLNe&Zqba؄;56BJkl{65 |!