[DisturbedRocks31]

Two days ago, I used my PayPal account for the first time in over a year to purchase an app from my dev alpha C.

Last night, someone was able to log in and initiate an unauthorized transaction to purchase an iPad and ship it to somewhere in Vancouver!

How did this happen? Does the app developer see my PayPal info? I can't see any such info through my Vendor Account for any of my apps.

The password is unique for the PayPal account and no other account was hacked - so far I only see the one BlackBerry transaction as a possible point of a phishing scam. I'm running a scan of my computer for keyloggers but I doubt I will find anything because my bank account wasn't hacked - and I didn't even log in to PayPal using a computer for over a year! O_o

-----

The interesting part is that I was able to find out about this problem and react in time because of BlackBerry!! I got 3 emails, two from PayPal and one from newegg telling me about the purchase and I was able to get in touch with the newegg customer service right away to cancel the order.

[bobauckland]

Two days ago, I used my PayPal account for the first time in over a year to purchase an app from my dev alpha C.

Last night, someone was able to log in and initiate an unauthorized transaction to purchase an iPad and ship it to somewhere in Vancouver!

How did this happen? Does the app developer see my PayPal info? I can't see any such info through my Vendor Account for any of my apps.

The password is unique for the PayPal account and no other account was hacked - so far I only see the one BlackBerry transaction as a possible point of a phishing scam. I'm running a scan of my computer for keyloggers but I doubt I will find anything because my bank account wasn't hacked - and I didn't even log in to PayPal using a computer for over a year! O_o

-----

The interesting part is that I was able to find out about this problem and react in time because of BlackBerry!! I got 3 emails, two from PayPal and one from newegg telling me about the purchase and I was able to get in touch with the newegg customer service right away to cancel the order.

I've been using PayPal with BlackBerries for ages, including the Z10, so I'd suggest it might just be coincidence?
I could be wrong of course but haven't seen this complaint too often.

[mscooley]

I'd chalk this up with a coincidence as well. And without even being an app dev, I can tell you that the dev doesn't see your PayPal info. I've used PayPal since day one whether to integrate it into websites I've built, managing my own personal invoices, and of course to purchase BlackBerry apps and items from eBay. You have addressed this with PayPal right?

Posted via CB10

[southlander]

If you read Bob Cringely's column (?) he just disclosed his PayPal account got hacked. He's a pretty savvy tech user. So while I am not saying for sure it is the case, it is possible PayPal itself has been breached.

I point this out because it is very very recent.

Posted via BlackBerry 10

[mmcpher]

I've used PayPal for years with my BB's and never had an issue.

Posted via CB10

[DisturbedRocks31]

I'd chalk this up with a coincidence as well. And without even being an app dev, I can tell you that the dev doesn't see your PayPal info. I've used PayPal since day one whether to integrate it into websites I've built, managing my own personal invoices, and of course to purchase BlackBerry apps and items from eBay. You have addressed this with PayPal right?

Posted via CB10

Yeah I got the order voided but I want to know how the security breach actually occured!! The problem is that - for some reason - I verified my PayPal account by giving them my bank account info so I was worried, what if this happens again and I can't respond in time?

If you read Bob Cringely's column (?) he just disclosed his PayPal account got hacked. He's a pretty savvy tech user. So while I am not saying for sure it is the case, it is possible PayPal itself has been breached.

I point this out because it is very very recent.

Posted via BlackBerry 10

Just did a quick search, the guy GOT $0.01 from someone (LOOL) but I had about $500 removed from my account!!

[BuzzStarField]

Does the app developer see my PayPal info? .

Absolutely not. BBRY handles all aspects of payment processing, downloading and installing apps on your device.

[mscooley]

Yeah I got the order voided but I want to know how the security breach actually occured!! The problem is that - for some reason - I verified my PayPal account by giving them my bank account info so I was worried, what if this happens again and I can't respond in time?



Just did a quick search, the guy GOT $0.01 from someone (LOOL) but I had about $500 removed from my account!!

The $.01 is an amount PayPal usually deposits into your bank account to verify it. Maybe that's where the breach took place. I'd run it this scenario by your bank pronto.


Posted via CB10

[raino]

A tip for those who rely on Paypal to make payments: set your "method of payment" to a credit card instead of a bank account. Better protection.

[El Platanero]

Yeah no problems here. Hope you find out and inform us of the results

Posted via CB10

[Andrew4life]

The only thing to make sure is that you are entering info and paying through blackberry app world and not the actual app itself. Because if you are downloading an app that has malicious code that asks for PayPal info then that is one way someone could hack your PayPal, but most apps should be checked for this during the approval so it's not too likely to happen.


Posted via CB10

[dr0800]

Out of interest is the PayPal app for BB10 and android sideload? Personally I'm not happy to run any Android port on my device.

[Sith_Apprentice]

I am going to update this title with the Speculation tag. Since there is no proof, and developers do not get your paypal information when you use it through BlackBerry World, this seems highly unlikely to be the cause of the breach.

[7Buck0]

Hmmm, just to add to the weirdness, about 3 weeks ago I went to make a purchase in BBWorld, and it came back saying my payment method was invalid. When I checked it out further, my credit card info that had been on record was blank. Thinking it weird, I rentered by credit card info, and the purchase went through. Well, last week when I received my credit card statement, I saw some odd transactions, and called the bank. Sure enoiugh, after a brief investigation on the phone, the bank confirmed that my credit card had been comprimised.
Now, I can't say for sure it was related to BBWorld, but that was the only "out of the ordinary" event that occurred. Just be careful.

[DisturbedRocks31]

Out of interest is the PayPal app for BB10 and android sideload? Personally I'm not happy to run any Android port on my device.

The BlackBerry World app itself - I purchased a friend's app and my own app. Both of which I know to be completely clean since I had a part in writing the apps.

I am going to update this title with the Speculation tag. Since there is no proof, and developers do not get your paypal information when you use it through BlackBerry World, this seems highly unlikely to be the cause of the breach.

Hmmm, just to add to the weirdness, about 3 weeks ago I went to make a purchase in BBWorld, and it came back saying my payment method was invalid. When I checked it out further, my credit card info that had been on record was blank. Thinking it weird, I rentered by credit card info, and the purchase went through. Well, last week when I received my credit card statement, I saw some odd transactions, and called the bank. Sure enoiugh, after a brief investigation on the phone, the bank confirmed that my credit card had been comprimised.
Now, I can't say for sure it was related to BBWorld, but that was the only "out of the ordinary" event that occurred. Just be careful.

Yeah, I got the order cancelled which was lucky since I woke up to see emails from PayPal and the seller!

The only way this could've happened is if the person brute forced into my account or something odd happened when BlackBerry world processed the PayPal information! Since I only accessed the site through the BB World and through the PlayBook browser.

Both those scenarios are unlikely! O_o

[DisturbedRocks31]

Unfortunately, this means no more buying apps on Dev C until I figure out what's wrong!

[habicht]

Was it an in-app buy?

In normal cases your inapp buys are handled with your BlackBerry ID... never provide PayPal, credit card information through an App...

Posted via CB10

[DisturbedRocks31]

Was it an in-app buy?

In normal cases your inapp buys are handled with your BlackBerry ID... never provide PayPal, credit card information through an App...

Posted via CB10

Nope, just purchasing an app! Nothing else - it wasn't used for a long time until I needed it for BlackBerry related purposes (for my vendor's account, this purchase)

Can it be a coincidence that after a lack of activity for a LONG time, I use it once and it gets hacked?

[twstd.reality]

A tip for those who rely on Paypal to make payments: set your "method of payment" to a credit card instead of a bank account. Better protection.

+1

I took my bank account out after they verified my address. I've always been paranoid about linking anything directly to it. Always have a buffer.

Posted via CB10

[ESCON]

What was the name of the app?

Send by my Sexy Z10 via CB

[systemvolker]

Android ported apps must be involved with this.. i suspect, they can fish infos in your dev alpha c, and i believe dev alpha C is not secured because its for devs.

Posted via BlackBerry z10 (CB)

[dlwillia]

Had the same problem my card got charged to gamestop and greenman london. this seemed to occur after a BBWorld purchase/download i can't remember the app I purchaseddownloaded 'cause I deleted them all.thank god I caught this and had bank dispute it.

[DisturbedRocks31]

What was the name of the app?

Send by my Sexy Z10 via CB

BlackBerry World.

Android ported apps must be involved with this.. i suspect, they can fish infos in your dev alpha c, and i believe dev alpha C is not secured because its for devs.

Posted via BlackBerry z10 (CB)

I seriously hope that's not the case. It can't be the cause. If it is, I don't know how BlackBerrys cleared security checks. Plus, a couple other people also say similar things happened to them; although we can't verify those because I imagine their credit cards were used in multiple places.

[mscooley]

Android apps live and function in a sandbox per se. That should not be the problem.

Posted via CB10

[southlander]

Just did a quick search, the guy GOT $0.01 from someone (LOOL) but I had about $500 removed from my account!!

No that is not what happened. Read this.

http://www.cringely.com/2013/04/13/s...ws-for-paypal/

Posted via BlackBerry 10