
PayPal Digital Gift Cards code leak


Batu69


PayPal is not only a dominating force when it comes to making online transactions between individuals and companies, it also branched off into other areas such as gift cards.

You may visit the site PayPal Gifts to purchase gift cards for various popular online and offline services using a PayPal account.

 

The service has a security issue currently that is caused by an improperly configured server, or more precisely, a robots.txt file.

Basically, what happens is that search engines index the "here is your PayPal gift card" pages on the site. These pages show the code of the gift card among other things. This means that anyone may use the code to grab the credit before the recipient may have a chance to redeem it.

 


 

The good news is that only a handful of pages are currently indexed by Google. The main reason for this is that the gift pages are not linked anywhere on the PayPal Digital Gifts site. This means that they can only end up in the index if they are linked from a location that search engine bots have access to.

 

Customers who purchase gift cards using PayPal's Digital Gifts service need a PayPal account for that. Recipients on the other hand don't. They can take the code and redeem it directly using the service it was created for.

 

The service supports a wide variety of popular online services including iTunes, Google Play, Best Buy or Apple Music.

A robots.txt file is used by webmasters to "tell" search engine bots what they can and cannot crawl on the site.

 

The theory is that search engines ignore any "forbidden" area as indicated by the file so that it is not indexed.

Something that is not indexed cannot come up in the search results. PayPal on the other hand redirects the robots.txt file which means that it does not use one on the site.

 

While fairly limited in scope, it is an issue nevertheless, and one that does not paint PayPal in a kind light.

 

Take away: if you get a digital gift card, redeem it right away. If you buy one, make sure the recipient does so to avoid any issues with the information leaking online.

 

Article source
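The robots.txt behaviour described in the article can be checked from the defender's side. The following is an added example, not code from the article or from PayPal: it audits whether a page that carries a secret is open to crawling and indexing. The host `gifts.example`, the `/gift/view/` path and the sample responses are constructed, and the `X-Robots-Tag: noindex` header is a second control the article does not mention.

```python
from urllib.robotparser import RobotFileParser

# Constructed sample data: placeholder host and path, not PayPal's real URLs.
GIFT_URL = "https://gifts.example/gift/view/ABC123"
ROBOTS_RULES = "User-agent: *\nDisallow: /gift/\n"

def crawl_allowed(robots_status, robots_body, url, agent="Googlebot"):
    """True if a well-behaved crawler may fetch `url`.

    A robots.txt that is redirected or missing (anything but HTTP 200 in
    this model) supplies no rules, so every path counts as crawlable.
    """
    if robots_status != 200:
        return True
    parser = RobotFileParser()
    parser.parse(robots_body.splitlines())
    return parser.can_fetch(agent, url)

def has_noindex(headers):
    """True if the page response carries X-Robots-Tag with a noindex directive."""
    for name, value in headers.items():
        if name.lower() == "x-robots-tag":
            return "noindex" in [d.strip() for d in value.lower().split(",")]
    return False

def audit(robots_status, robots_body, page_url, page_headers):
    """Return a list of findings; an empty list means the page is kept out of the index."""
    findings = []
    if robots_status != 200:
        findings.append("robots.txt not served (HTTP %d): no crawl rules apply" % robots_status)
    # Exposure needs both conditions: the crawler may fetch the page
    # and nothing on the page response tells it not to index it.
    if crawl_allowed(robots_status, robots_body, page_url) and not has_noindex(page_headers):
        findings.append("gift page may be crawled and indexed: " + page_url)
    return findings

if __name__ == "__main__":
    # Situation in the article: robots.txt is redirected, page has no noindex.
    for line in audit(302, "", GIFT_URL, {}):
        print("FINDING:", line)
    # Corrected: robots.txt is served and disallows the gift pages.
    print("after fix:", audit(200, ROBOTS_RULES, GIFT_URL, {}))
```

Neither control replaces access control on the page itself: a gift code shown to anyone who holds the URL is still exposed wherever that URL is shared.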
