Anonymous Claims It Hacked PayPal

[HardOCP News]

Anonymous claims to have hacked PayPal and, to teach the company a lesson, they publicly posted the private information of 28,000 users . PayPal has responded saying there is no evidence of a hack.

Hacking collective Anonymous claims it's stolen around 28,000 user details from a server used by PayPal, with what appears to be email addresses, names and associated passwords appearing on a selection of online sharing services. However, as with some other recent Anonymous claims, the hack is being disputed by the attacked party.

 

[MacLeod]

Man I wish these guys would just die. The world would be a better place.

 

[ElGuapo242]

Man I wish these guys would just die. The world would be a better place.

Only problem with that, is that there is always some douche canoes who will pop up and replace them.

 

[Hornet]

Sons of bitches.

I should change my password I guess.

 

[MacLeod]

Only problem with that, is that there is always some douche canoes who will pop up and replace them.

Yeah I know. Guess we need a good old fashioned plague from God. Ya know rain some death and destruction on these guys or at least some terrible suffering.

 

[TheBuzzer]

most likely they hacked some 3rd party site that uses paypal.

 

[Zarathustra[H]]

I go back and forth on Anonymous.

I used to think of them as the responsible counter-part to those morons in lulzsec (who really deserve to die)

This is probably because they are a decentralized leaderless organization what they stand for changes from day to day.

Some days they appear responsible, positioned to protest real problems in the world. (albeit likely in a futile manner)

Other days they are outright irresponsible with peoples private data.

I understand they are trying to make a point, but when they keep doing it by hurting the users/customers, rather than the companies they target themselves, they don't exactly win any hearts and minds...

 

[Dantrax]

Yeah I know. Guess we need a good old fashioned plague from God. Ya know rain some death and destruction on these guys or at least some terrible suffering.

That happened already in New Jersey. God was pissed off from watching Jersey Shore.

 

[Zarathustra[H]]

That happened already in New Jersey. God was pissed off from watching Jersey Shore.

Too bad none of the cast of that show died.

To the defense of the Jersey Shore, I'll say this though.

The scumbags that you associate with the area, usually are not from the area. They come down from NYC, or other places. The people who actually live there, were born there, and raise their families there are typically good people.

 

[quimby999]

I've never seen any proof that they have ever done anything that they claimed to do yet . I doubt thesemommy basement living morons could do anything except get stupid sites to give them free publicity once sites like hard ocp quit being thier publicists they will go away back to thier cess pits under thier mommies houses .

 

[devil22]

Changed my password. Go die anonymous. lame ass rebels without a cause.

 

[stiltner]

Didn't change mine..

Challenge Accepted.

Hack that bitch, go right ahead and try

 

[Blazemore]

Went ahead and change mine as well.

 

[drescherjm]

I changed mine. Although it is unlikely that I will remember the new password the next time I use paypal..

 

[HardOCP News]

Went ahead and change mine as well.

I went a step further...I changed Anonymous' password. Hack that bitches

 

[PNut12345]

Glad I cancelled PayPal a long time ago...

 

[McFry]

For everyone hating on Anon, if you ever actually spoke with one of them directly you'd actually see they really do have a positive spin on the things they do, it just looks ugly at a glance.

For instance I imagine anon would describe this event as helping paypal users in general, by forcing paypal to address security flaws with an actual demonstration of a breach. Clearly paypal is all over this as we speak, fixing any issues which may exist. Now imagine if you simply discovered the breach and told them about it. You really think paypal would give a damn? It has been proven time and time again that corporations wont do diddly shit until their hand is forced. I mean why bother afterall. The cost of settlement, insurance, and reimbursement for victims (or dismissal from lawyers) is probably cheaper than actually addressing the issue. So fuck em, thats their motto.

In come anon, airing their ugly laundry, proving it can be done, and sacrificing a few lams in the process to make sure it gets done. I'm not anon supporter, and tend to kind of ignore their headlines, however I did get a chance to speak with a member of sorts once, and challenged him on a number of recent articles putting them in a negative light, and he actually had legitimate sounding defences for all of them, things I hadnt really considered. It's all about the big picture with anon. They really arent trying to harass, but enact change with force.

It's sort of light spotting some douche parking in a handicap spot who is clearly not handicapped. Anon is the guy who keys their car for you, so you dont have to.

 

[baldrik]

Dear Anonymous,

Kindly knock this shit the fuck off.

Thanks,

Baldrik

 

[devil22]

For everyone hating on Anon, if you ever actually spoke with one of them directly you'd actually see they really do have a positive spin on the things they do, it just looks ugly at a glance.

For instance I imagine anon would describe this event as helping paypal users in general, by forcing paypal to address security flaws with an actual demonstration of a breach. Clearly paypal is all over this as we speak, fixing any issues which may exist. Now imagine if you simply discovered the breach and told them about it. You really think paypal would give a damn? It has been proven time and time again that corporations wont do diddly shit until their hand is forced. I mean why bother afterall. The cost of settlement, insurance, and reimbursement for victims (or dismissal from lawyers) is probably cheaper than actually addressing the issue. So fuck em, thats their motto.

In come anon, airing their ugly laundry, proving it can be done, and sacrificing a few lams in the process to make sure it gets done. I'm not anon supporter, and tend to kind of ignore their headlines, however I did get a chance to speak with a member of sorts once, and challenged him on a number of recent articles putting them in a negative light, and he actually had legitimate sounding defences for all of them, things I hadnt really considered. It's all about the big picture with anon. They really arent trying to harass, but enact change with force.

It's sort of light spotting some douche parking in a handicap spot who is clearly not handicapped. Anon is the guy who keys their car for you, so you dont have to.

I'll remember all that when I'm on the phone for hours with my bank because of this bullshit. See, the problem with this thinking is, any large complex code base has bugs, and almost always will, as you add features and change things, you always add bugs too and you'll never find all the old ones. So pointing out these bugs to paypal, well so what, because if anyone wants to attack paypal, no matter how much Paypal mitigate against it, it will be done. I'm not saying paypal should not do any security, but this idea that it's OK to post their users' info because they had a bug, is ridiculous. It's also similar to saying "I had to blow up the local pig farm, because they didn't guard against it! Hopefully they learn their lesson!" Sorry, but it's all just lame vandalism.

 

[TechLarry]

Man I wish these guys would just die. The world would be a better place.

Anonymous or Pay Pal ? Either answer would be correct IMHO.

Until PayPal is treated as a bank, and required to follow the same regulations, I'll have nothing to do with them.

 

[Scooty Puff Sr.]

For everyone hating on Anon, if you ever actually spoke with one of them directly you'd actually see they really do have a positive spin on the things they do, it just looks ugly at a glance.

For instance I imagine anon would describe this event as helping paypal users in general, by forcing paypal to address security flaws with an actual demonstration of a breach. Clearly paypal is all over this as we speak, fixing any issues which may exist. Now imagine if you simply discovered the breach and told them about it. You really think paypal would give a damn? It has been proven time and time again that corporations wont do diddly shit until their hand is forced. I mean why bother afterall. The cost of settlement, insurance, and reimbursement for victims (or dismissal from lawyers) is probably cheaper than actually addressing the issue. So fuck em, thats their motto.

In come anon, airing their ugly laundry, proving it can be done, and sacrificing a few lams in the process to make sure it gets done. I'm not anon supporter, and tend to kind of ignore their headlines, however I did get a chance to speak with a member of sorts once, and challenged him on a number of recent articles putting them in a negative light, and he actually had legitimate sounding defences for all of them, things I hadnt really considered. It's all about the big picture with anon. They really arent trying to harass, but enact change with force.

It's sort of light spotting some douche parking in a handicap spot who is clearly not handicapped. Anon is the guy who keys their car for you, so you dont have to.

Bullshit.

Anon is like the guy that see's you walking around in a bullet proof vest that has a flaw from the manufactorer. Is pissy because said manufactorer told him to screw off. So he shoots you in the chest, revealing the flaw but also sending you to the emergency room.

You know, to protect you incase someone comes around wanting to shoot you. I bet you wont use that bullet proof vest again....too bad you're paralyzed. It's all about the big picture.

 

[D4hPr0]

For everyone hating on Anon, if you ever actually spoke with one of them directly you'd actually see they really do have a positive spin on the things they do, it just looks ugly at a glance.

For instance I imagine anon would describe this event as helping paypal users in general, by forcing paypal to address security flaws with an actual demonstration of a breach. Clearly paypal is all over this as we speak, fixing any issues which may exist. Now imagine if you simply discovered the breach and told them about it. You really think paypal would give a damn? It has been proven time and time again that corporations wont do diddly shit until their hand is forced. I mean why bother afterall. The cost of settlement, insurance, and reimbursement for victims (or dismissal from lawyers) is probably cheaper than actually addressing the issue. So fuck em, thats their motto.

In come anon, airing their ugly laundry, proving it can be done, and sacrificing a few lams in the process to make sure it gets done. I'm not anon supporter, and tend to kind of ignore their headlines, however I did get a chance to speak with a member of sorts once, and challenged him on a number of recent articles putting them in a negative light, and he actually had legitimate sounding defences for all of them, things I hadnt really considered. It's all about the big picture with anon. They really arent trying to harass, but enact change with force.

It's sort of light spotting some douche parking in a handicap spot who is clearly not handicapped. Anon is the guy who keys their car for you, so you dont have to.

So what do you say to the people that get their bank accounts hacked and cant make a mortgage payment or put food on the table until Paypal reverses the funds, which could take over a month.

There is a right way of reporting exploits and this is not one of them no matter how you sugar coat it.

 

[DarkStar_WNY]

For everyone hating on Anon, if you ever actually spoke with one of them directly you'd actually see they really do have a positive spin on the things they do, it just looks ugly at a glance.

For instance I imagine anon would describe this event as helping paypal users in general, by forcing paypal to address security flaws with an actual demonstration of a breach. Clearly paypal is all over this as we speak, fixing any issues which may exist. Now imagine if you simply discovered the breach and told them about it. You really think paypal would give a damn? It has been proven time and time again that corporations wont do diddly shit until their hand is forced. I mean why bother afterall. The cost of settlement, insurance, and reimbursement for victims (or dismissal from lawyers) is probably cheaper than actually addressing the issue. So fuck em, thats their motto.

In come anon, airing their ugly laundry, proving it can be done, and sacrificing a few lams in the process to make sure it gets done. I'm not anon supporter, and tend to kind of ignore their headlines, however I did get a chance to speak with a member of sorts once, and challenged him on a number of recent articles putting them in a negative light, and he actually had legitimate sounding defences for all of them, things I hadnt really considered. It's all about the big picture with anon. They really arent trying to harass, but enact change with force.

It's sort of light spotting some douche parking in a handicap spot who is clearly not handicapped. Anon is the guy who keys their car for you, so you dont have to.

You are so wrong it's sad.

Firstly being able to convince yourself of your "cause" does not mean you aren't full of shit.

As for your analogy about keying the car, they aren't doing that which is the exact problem. Instead they are keying every car in the lot BUT the person wrongly parked in the handicapped spot, supposedly to get them to see that the unkeyed car is parked improperly.

 

[Zarathustra[H]]

For everyone hating on Anon, if you ever actually spoke with one of them directly you'd actually see they really do have a positive spin on the things they do, it just looks ugly at a glance.

For instance I imagine anon would describe this event as helping paypal users in general, by forcing paypal to address security flaws with an actual demonstration of a breach.

You can demonstrate a breach without exposing users sensitive data.

Either provide it directly to the business without posting it online for criminals to use, or post it online with hashed password/credit card data, that the company can use to confirm the breach, but doesn't actually put users at risk.

When you expose users sensitive data to prove a point - no matter how good that point is - you are really no better than those who would steal the data in order to use it for theft.

 

[Zarathustra[H]]

You can demonstrate a breach without exposing users sensitive data.

Either provide it directly to the business without posting it online for criminals to use, or post it online with hashed password/credit card data, that the company can use to confirm the breach, but doesn't actually put users at risk.

When you expose users sensitive data to prove a point - no matter how good that point is - you are really no better than those who would steal the data in order to use it for theft.

Come to think of it, how does this philosophy work if we apply it to violent crime?

What if someone were to go on a shooting spree killing people, and then claim that it was to force the police department to wake up and better patrol the streets so people don't get killed?

Would you be equally supportive of that?

 

[-PK-]

They probably either hacked a store website, or bought the 28,000 entries from someone else.

 

[ArbY]

The link to the private paste leads to a "Paste Not Found" page, and they did not post a new link on their Twitter. I'm running out of passwords.

 

[RangerXML]

Better safe then sorry, info changed.

 

[dyzophoria]

most likely they hacked some 3rd party site that uses paypal.

this is my guess as well, 28,000 is a bit little for what normally Anon boasts of

 

[Bamboo]

Winning hearts and minds one day at a time.

 

[priley]

I've already had my PayPal compromised once... Not going to risk it again.

 

[Dekarx]

Nothing but kids with guns.

 

[priley]

Via InformationWeek:

What about PayPal? Cyber War News had originally reported that the list of sites exploited by Hack The Planet included PayPal, but it later corrected that report to note that PayPal hadn't been targeted. Similarly, a PayPal spokeswoman said via email, "It appears that the exploit was not directed at PayPal after all, it was directed at a company called ZPanel." PayPal said it's found no evidence that it was hacked, or that any of its employees' data was obtained or released, as was originally reported.

 

[codegrinder]

yay for two factor authentication

 

[jumper]

I'll take my chances... 28k out of the millions users..and one out of that 28k..

 

[infojunkie]

I'll remember all that when I'm on the phone for hours with my bank because of this bullshit. See, the problem with this thinking is, any large complex code base has bugs, and almost always will, as you add features and change things, you always add bugs too and you'll never find all the old ones. So pointing out these bugs to paypal, well so what, because if anyone wants to attack paypal, no matter how much Paypal mitigate against it, it will be done. I'm not saying paypal should not do any security, but this idea that it's OK to post their users' info because they had a bug, is ridiculous. It's also similar to saying "I had to blow up the local pig farm, because they didn't guard against it! Hopefully they learn their lesson!" Sorry, but it's all just lame vandalism.

I dunno. The latest Bliz incident changed my mind.
All three NA, EU and Asia servers suffered from hack fiasco on the same weekend, and Bliz blamed it on users for 3 months until they told users there may have been some hacks indeed. My bank issued me a new CC after a week, telling me the old number has been compromised.

Yeah, being hacked sucks, but I'd rather know when I get hacked rather than coops hiding it for their profit.