SAN JOSE, Calif.--March 12, 2004--Through its anti-fraud investigations, PayPal has learned that third parties may have obtained limited transaction information of selected customers through the PayPal site after obtaining the passwords of several PayPal merchants. The information obtained includes first and last name, mailing address, email address, and information about the transaction. No personal financial information was disclosed. PayPal passwords, Social Security numbers, driver's license data, credit card numbers, or bank account numbers are protected because PayPal always encrypts this data and maintains it on secure servers that cannot be accessed by any merchant or third party.
These third parties may seek to use the obtained information to target users with deceptive emails appearing to come from PayPal or online merchants.
PayPal has seen no evidence of fraudulent emails resulting from such incidents. However, the company is continuing to make protection against fraudulent emails a high priority. PayPal is informing affected customers and has set up a dedicated email address and toll-free phone number for customers' questions and concerns at firstname.lastname@example.org or 1-866-648-5869.
PayPal recommends that users take the following steps for protecting accounts:
-- Look out for suspicious-looking emails. If an email appears fraudulent or suspicious, forward it immediately to email@example.com.
-- Never provide personal or financial information in response to an email request. PayPal will not ask users to supply passwords, bank account information, credit card numbers or any other financial information in an email.
-- Log in safely to PayPal by opening a new web browser window (e.g., Internet Explorer or Netscape), and type in the following: https://www.paypal.com/.
-- Regularly check PayPal accounts for unauthorized activity.
-- Change passwords regularly. Select a new password that uses a random combination of letters, numbers and symbols. Avoid using single names or words that can be found in a dictionary. PayPal passwords are always encrypted and never shared with merchants or third parties.
-- Never download any email attachments. PayPal will never send an email attachment, or ask users to download anything from an email, in order to use its service or that of any partners.
-- Use the eBay Toolbar with the Account Guard feature that enables users to protect PayPal account information by warning when a user is on a potentially fraudulent (spoof) web site. The toolbar can be downloaded directly from eBay at http://pages.ebay.com/ebay_toolbar/.
PayPal, an eBay Company, enables any individual or business with an email address to securely, easily and quickly send and receive payments online. PayPal's service builds on the existing financial infrastructure of bank accounts and credit cards and utilizes the world's most advanced proprietary fraud prevention systems to create a safe, global, real-time payment solution. Founded in 1998, PayPal has more than 40 million accounts and is available to users in 38 countries around the world. More information about the company can be found at https://www.paypal.com/.