[Full-disclosure] PayPal acount removal: bug or feature?
Dear full-disclosure@lists.grok.org.uk,
I was trying to remember the password for my older PayPal account in
order to close it. After a couple of unsuccessful attempts I've got an
offer to close this account if I don't remember the password. I
clicked the link. It showed me current state (actually 0) and warned,
because it less than $1.5 it will not be funded. OK. I click close.
Now, guess what?
account was closed (NO confirmation by e-mail, only We are sorry that
you have decided to close your PayPal account.).
I'm quite unexperienced with PayPal, becase it's service for Russia is
new and very limited. But it makes me wonder: is this Feature known?
--
http://www.security.nnov.ru
/\_/\
{ , . } |\
+--oQQo-{ ^ }-+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-o66o--+ /
|/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] PayPal acount removal: bug or feature?
I tried this on Paypal.com, with more than twenty consecutive incorrect passwords. I got no such offer. What paypal site were you using, and how many unsuccessful attempts is a couple? Matt 3APA3A wrote: Dear full-disclosure@lists.grok.org.uk, I was trying to remember the password for my older PayPal account in order to close it. After a couple of unsuccessful attempts I've got an offer to close this account if I don't remember the password. I clicked the link. It showed me current state (actually 0) and warned, because it less than $1.5 it will not be funded. OK. I click close. Now, guess what? account was closed (NO confirmation by e-mail, only We are sorry that you have decided to close your PayPal account.). I'm quite unexperienced with PayPal, becase it's service for Russia is new and very limited. But it makes me wonder: is this Feature known? signature.asc Description: OpenPGP digital signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] PayPal acount removal: bug or feature?
On Wed, 29 Nov 2006 17:02:07 EST, Matthew Flaschen said: I tried this on Paypal.com, with more than twenty consecutive incorrect passwords. I got no such offer. What paypal site were you using, and how many unsuccessful attempts is a couple? Matt 3APA3A wrote: Dear full-disclosure@lists.grok.org.uk, I was trying to remember the password for my older PayPal account in order to close it. After a couple of unsuccessful attempts I've got an offer to close this account if I don't remember the password. Anybody else thinking 'phish'? :) pgpOkMWtZsWpe.pgp Description: PGP signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] PayPal acount removal: bug or feature?
[EMAIL PROTECTED] wrote: Anybody else thinking 'phish'? :) Actually, no - I experienced almost precisely the same thing with an old paypal account that we'd long since lost the password to and which was associated with a dead e-mail address, and I remember experiencing something similar to that described. I don't remember precisely how much information I had to provide other than the account name. I don't know if this only works with long-idle accounts, but I do recall it being slightly odd at the time (and I checked the account was legitimately closed! Thankfully, I wasn't too shocked since the account was associated with dead bank details, anyhow..) - James. -- James (njan) Eaton-Lee | 10807960 | http://www.jeremiad.org Semper Monemus Sed Non Audiunt, Ergo Lartus - (Jean-Croix) sites: https://www.bsrf.org.uk ~ http://www.security-forums.com ca: https://www.cacert.org/index.php?id=3 -- ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] PayPal acount removal: bug or feature?
Dear Matthew Flaschen, PayPal is exactly https://www.paypal.com/. No, it's not phishing. I found on PayPal support it's only possible to close accounts in 'inactive' state. I'm not sure about the terms under which account becomes 'inactive'. --Thursday, November 30, 2006, 1:02:07 AM, you wrote to [EMAIL PROTECTED]: MF I tried this on Paypal.com, with more than twenty consecutive incorrect MF passwords. I got no such offer. What paypal site were you using, and MF how many unsuccessful attempts is a couple? MF Matt MF 3APA3A wrote: account was closed (NO confirmation by e-mail, only We are sorry that you have decided to close your PayPal account.). I'm quite unexperienced with PayPal, becase it's service for Russia is new and very limited. But it makes me wonder: is this Feature known? -- ~/ZARAZA Âå÷íàÿ ïàìÿòü ñâÿòîìó Ïàòðèêó! (Òâåí) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
