PayPal Digital Gift Cards Code Leak

Given the popularity of Gift Cards as a target for scams, it’s kind of surprising that PayPal allowed a simple leak like this to happen in the first place.

PayPal is not only a dominating force when it comes to making online transactions between individuals and companies, it also branched of in other areas such as gift cards. You may visit the site PayPal Gifts to purchase gift cards for various popular online and offline services using a PayPal account. The service has a security issue currently that is caused by an improperly configured server, or more precisely, a robots.txt file.

Basically, what happens is that search engines index the “here is your PayPal gift card” pages on the site. These pages show the code of the gift card among other things. This means that anyone may use the code to grab the credit before the recipient may have a chance to redeem it.

paypal gift card

Good news is that only a handful of pages are indexed currently by Google. The main reason for this is that the gift pages are not linked anywhere on the PayPal Digital Gifts site. This means that they can only come in the index of they are linked from a location that search engine bots have access to.

Customers who purchase gift cards using PayPal’s Digital Gifts service need a PayPal account for that. Recipients on the other hand don’t. They can take the code and redeem it directly using the service it was created for.

The service supports a wide variety of popular online services including iTunes, Google Play, Best Buy or Apple Music.

A robots.txt file is used by webmasters to “tell” search engine bots what they can and cannot crawl on the site.

The theory is that search engines ignore any “forbidden” area as indicated by the file so that it is not indexed.

Something that is not indexed cannot come up in the search results. PayPal on the other hand redirects the robots.txt file which means that it does not use one on the site.

While fairly limited in scope, it is an issue nevertheless, and one that does not paint PayPal in a kind light.

Take away: if you get a digital gift card, redeem it right away. If you buy one, make sure the recipient does so to avoid any issues with the information leaking online.

Link to Original Content

Tags: , ,

Comments are closed.