That’s right! Paypal wants your bank password.

Hilarious! This isn’t the first time we’ve seen this ridiculous situation.

This is nearly beyond words. The risk involved is obvious. I’ll begin with Paypal’s very own User Agreement. Paypal offers NO guarantee of anything!  Not against technical issues or glitches which may cause you loss, nor employee theft, hacking, etc. They do not guarantee the ID of any individual using their service, or that any transaction will be completed successfully.

They’ve also recently updated their User Agreement with more terms which frankly are fascist and well beyond bizarre. In short, they hold all the cards. There isn’t a thing in the world which would prevent them from draining your bank account on any pretext (or none at all) if you give them the password.

And if you think they won’t do that, you may want to think again. A quick web search or run through this blog will tell you that there are no lies too big, nor victims too small for our fiends at Paypal.

If anyone is wondering where the image came from, it was right here, where you can also see Paypal’s obvious yet disgusting little carnival of paid trolls and pettifoggers in action.

You’ll also see this there:

Here is what is stated in BOA online banking service agreement:

When you give someone your Online Banking ID and passcode, you are authorizing that person to use your service, and you are responsible for all transactions that person performs while using your service. All transactions that person performs, even those transactions you did not intend or want performed, are authorized transactions.

So before you fall for Paypal’s weasel words and tricks, check with your bank and their policies regarding sharing your password.

Don’t forget: Paypal is not a bank. Moreso, they are a shady, third rate money transmitter service with a long and storied reputation for dismal customer service, dishonesty, thumbing their nose at the rule of law and running roughshod over their users.

They are not to be trusted!

At the Technical Issues forum on ebaY there is a thread: Warning: Something’s Not Right Here! www.ebay.com contains malware.

Here’s the pertinent text:

Never had this happen before, but I was looking at a list of listings for jackets and when I clicked on one of the auctions I got the below message. Now i’m paranoid

Warning: Something’s Not Right Here! http://www.ebay.com contains malware. Your computer might catch a virus if you visit this site.Google has found malicious software may be installed onto your computer if you proceed. If you’ve visited this site in the past or you trust this site, it’s possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.We have already notified www.ebay.com that we found malware on the site. For more about the problems found on http://www.ebay.com, visit the Google…

(Followed by a long link of [snipped] gibberish text.)

Sure enough if you go to the link supplied there by the original poster, you’re met with a Reported Attack Site page. Click to enlarge, opens in new tab or window

ebay reported as attack site

This is hardly the first such warning for ebay. They’ve been showing malware, drive-by downloads, trojans and assorted exploits present on ebaY for a long time now at Google’s Safe Browsing page for ebay.com. At this very moment Google shows:

What is the current listing status for ebay.com?

This site is not currently listed as suspicious.

Part of this site was listed for suspicious activity 40 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 361401 pages we tested on the site over the past 90 days, 134 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-08-22, and the last time suspicious content was found on this site was on 2012-08-20.Malicious software includes 10 scripting exploit(s), 10 trojan(s).

Malicious software is hosted on 28 domain(s), including 24-verygoods.ru/, charityairsupport.org/, 178.162.167.0/.

37 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including charityairsupport.org/, clazzio.us/, mahtab.tv/.

This site was hosted on 37 network(s) including AS11643 (EBAY), AS4436 (AS), AS20940 (AKAMAI).

I posted a short  video demonstrating this risk last fall. Since then there hasn’t been a single day that ebaY showed malware free.

Then there’s also the grandaddy of them all, the long uncorrected ID stealing xss flaw. Thirteen years now? roflmao!

Make no mistake, the risks along with the consequences are real. In short, if you even land on one wrong page at sleazebay, you’ll spend years cleaning up the mess.

Do you trust this outfit? How can anyone?

The only good reason to visit the ebay site is to close your account if you haven’t done so yet. Don’t forget, ebay’s stated policy is to blame the victims of fraud.

Update

Readers here may want to see this

Not to surprising info posted over at krebsonsecurity.com.

Active, hacked or phished Paypal accounts found for sale on yet more venues. For those not paying attention, there are entire sleazy industries surrounding all things ebaY & Paypal. This particular type has been exposed time and again.

Please don’t overlook the very real possibility they could all be insider fraud, as Paypal’s own documents show.

I say this because ebaY and PayPal  have been very quick and thorough to silence criticism and exposure of embarrassing facts, yet these highly fraudulent sites remain. EbaY allows as many accounts as a person wishes, and Paypal does little to nothing to verify people at the gate. Rather, they wait until funds are in one’s accounts, then seized, after the fact, under any number of false or invalid reasons, until you are “proven worthy“.

It’s pretty obvious that the members are being used to subsidize fraud and failure, and to cover PayPal’s losses, which are bourne of their very own lackwit policies and practices IMO.

The very best thing you can do is avoid PayPal and ebaY. Close both your ebay and Paypal accounts and do whatever you need to to be sure they cannot access both your bank accounts and credit cards.

I see that paypal.uk had their twitter account taken over, defaced and anti-paypal messages posted.

Hacking Paypal: The finest in optional entertainment! ;p image by huffingtonpost.com

Beyond all doubt, this is ownage. Severe ownage! It’s been quite the LoLzstorm!

The hacker has been described as a disgruntled paypal user, although not named anywhere I saw.

In the recent tsunami wave of high-profile hacking and proliferation of various hacking groups, I don’t see any individual or entity coming forward to take credit. Of course, Anonymous means different things to different people I suppose. ;p

The message which I’m receiving though, is that if Paypal can’t keep their twitter account secure, can you really trust them with your money, possibly your livelihood?

The fact also remains that the hacker has valid criticisms. Paypal (as well as parent company ebaY) has been making changes to their user agreement which boggle the mind. One hundred and seventy-four changes since June 2009. Some of the recent ones include provisions for unchecked payment holds for all users, and that the reasons for such holds do not even need to be disclosed to the victim/consumer. Ultra-Hyper- Kafkaesque to say the least.

Paypal is known to make all their profits on the ‘float’ thus giving them every reason to seize for the vaguest (if any) pretext, and hold onto funds as long as possible.

They need to be seriously looked at and regulated like a bank. The sheer amount of funds processed, number of complaints, nature of complaints etc along with the obvious abuse of power and consumer trust demands it

Paypal is also widely known for shoddy customer service, poor security, dishonesty, ‘glitches’, facilitation of fraud… too many things to go into here. The point is that sites like paypalsucks.com and numerous other anti-Paypal blogs, sites, videos, not to mention lawsuits, etc do not exist because paypal is all that and a bag of chips. I also have another blog, a video channel and a news forum documenting many more PayPal and ebaY issues should anyone care to peruse them. Links are right on the sidebar.

You can see the utter disdain of Paypal in comments, if not the titles of write-ups around the web.

Millions cheered this hack attack!

I see a lot of condemnation of the hacker, yet still I wonder why none of the larger publications and more well-known journalists aren’t looking into paypal’s many mal-practices?

At any rate I’m pretty sure that PP has a great deal of influence over such things being published. I wouldn’t be surprised to learn they expend more energy on various PR devices than they do on security and customer service.

I urge any and all readers here to close out your Paypal accounts now, before you too fall victim to this heinous outfit.

Anyone looking for the full sized version of the steaming pile of PayPal can get it here. . . ;p

Update: It’s been hacked again!