PayPal E-Mail Leak Brings Phishing Worries | eWeek

PayPal E-Mail Leak Brings Phishing Worries

Écrit par
Ryan Naraine
Ryan Naraine
Jan 24, 2005
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Electronic payment provider PayPal Inc. on Monday confirmed that a security breach at a partner site left an unknown number of e-mail addresses exposed on the Internet.

The eBay-owned company, which has been a major target for phishing attacks, said the security breach occurred at Benchmark Portal, a third-party company that handles customer-survey e-mails and exposed a “limited number of user e-mail addresses.”

Word of the data leakage first surfaced on security message boards over the weekend and pointed to an apparent bug in the software used to manage “unsubscribe” requests from PayPal users.

eWEEK.com was able to verify that certain readily available URLs could be manually manipulated to show e-mail addresses of PayPal users who recently unsubscribed from customer-service surveys.

PayPal spokeswoman Sara Bettencourt said the breach had been fixed and insisted that only a small number of users were affected. However, security experts say a malicious person with the most basic scripting tool could have exploited the bug to hijack a large list of legitimate PayPal e-mail addresses.

E-mail addresses are used to handle PayPals log-in process.

“Were working directly with those users whose e-mail addresses were exposed. Were informing them of the situation and warning them they may receive deceptive e-mails. Were encouraging them to contact us if they receive deceptive e-mails,” PayPals Bettencourt said.

She said the breach did not leak any information beyond e-mail addresses. “We use high levels of encryption on our own secure servers. Passwords are never accessible to any third party.”

/zimages/4/28571.gifClick hereto read about PayPals apology for a spate of sporadic outages.

Jon Anton, a spokesman for Benchmark Portal, confirmed that the data leak was the result of a “malicious hacking attack” and confirmed PayPals assertion that it involved a very small number of e-mail addresses.

“We only have e-mail addresses to do customer surveys. This did not involve any personal information, passwords, credit card information or bank information,” Anton told eWEEK.com.

He said the company was alerted to the breach late Saturday evening and was able to address it by Sunday.

“This was a malicious hacking attack. Someone broke into our process and was able to grab a very small number of e-mail addresses. We spotted it very early because we noticed an unusually large number of unsubscribes coming in,” Anton added.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.