Paxum: Your perconal data visible for everyone

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • helterskelter808
    So Fucking Banned
    • Sep 2010
    • 3405

    #51
    Originally posted by bigluv
    So is personal info safe or not? For some reason no one has posted the info for the sample account or ruth's account.
    ^ Read the thread, dummy.

    Comment

    • bigluv
      Confirmed User
      • Jul 2008
      • 850

      #52
      ^^ To above, thanks jackass I missed the one sentence "this has been fixed now". Doesn't really change anything.

      If it indeed existed and has been fixed then I expect an announcement from Paxum that their database was compromised and they have no idea who or what info may have been disseminated.

      Until that happens as far as I'm concerned the jury is out because no convincing screen shots or documents were posted. The chat with support I don't find convincing necessaryily, I've dealt with enough 3rd world monkeys saying stupid stuff at paxum and at other companies.

      If there was enough drama to create a thread why not post the actual evidence and blow the lid off what would be pretty stupid policies over at paxum.

      I've observed first hand their shitty coding, but in this case it seems like the OP and paxum support deserve each other. For someone with a rock solid provable case I don't understand why this was so roundabout.
      Last edited by bigluv; 05-23-2013, 08:48 AM.

      Comment

      • John.
        Confirmed User
        • Jul 2007
        • 2264

        #53
        Jebus...

        Originally posted by RuthB
        No I'm not afraid at all. It's the fact that someone will sink that low to try to do that, even when they cannot actually do it AND they were provided an email address to check as they requested, yet they still tried to make it personal.

        That kind of thing just pisses me off


        Having said that, since this is also getting twisted around, they are welcome to check [email protected] and provide the information from that account if they can.

        I think you'll find we'll be hearing crickets in this thread from the OP though
        Sig too old.

        Comment

        • Lichen
          Tube Master
          • May 2004
          • 1640

          #54
          Originally posted by bigluv
          I expect an announcement from Paxum

          Comment

          • MainstreamGuy
            So Fucking Banned
            • Oct 2011
            • 477

            #55
            I wonder how someone reaches the point to find something like this.

            Was this guy diligently searching for some kind of bug and/or trying to dig very deep into something, for some reason?

            Or was it just "Casuality"? And if so, how did you come up with that "Casuality"?

            Comment

            • signupdamnit
              Confirmed User
              • Aug 2007
              • 6697

              #56
              Originally posted by bigluv
              ^^ To above, thanks jackass I missed the one sentence "this has been fixed now". Doesn't really change anything.

              If it indeed existed and has been fixed then I expect an announcement from Paxum that their database was compromised and they have no idea who or what info may have been disseminated.

              Until that happens as far as I'm concerned the jury is out because no convincing screen shots or documents were posted. The chat with support I don't find convincing necessaryily, I've dealt with enough 3rd world monkeys saying stupid stuff at paxum and at other companies.

              If there was enough drama to create a thread why not post the actual evidence and blow the lid off what would be pretty stupid policies over at paxum.

              I've observed first hand their shitty coding, but in this case it seems like the OP and paxum support deserve each other. For someone with a rock solid provable case I don't understand why this was so roundabout.
              It looks like they were trying to not even acknowledge it here. The feeling I got was that they were trying to brush off the people who took their time to bring this to our attention. In fact it seemed they were treating them like shit. That's all too common now. Obviously they aren't a very honest company. Surprise, surprise.

              Of course I'm a hater for calling it as it is and what Ruth attempted to do to the people reporting this here is all well and good because she's a bro (or sis!). I should just shut up and go find someone's ass to kiss. It's just more of the same these days. I need to quit coming here for the sake of my blood pressure I think.
              Last edited by signupdamnit; 05-23-2013, 02:39 PM.

              You don't like my posts? Put me on ignore or fuck right off. I'll say what I want.

              Comment

              • Bravo
                Confirmed User
                • Jul 2003
                • 393

                #57
                Originally posted by MainstreamGuy
                I wonder how someone reaches the point to find something like this.

                Was this guy diligently searching for some kind of bug and/or trying to dig very deep into something, for some reason?

                Or was it just "Casuality"? And if so, how did you come up with that "Casuality"?
                It was kind of "surprise", cook prepared gate for receive paxum payment for selling traffic trade script. He just followed the paxum documented features, available at their website and for huge surprise it appeared that not only seller can obtain all personal info of buyer, but as well any owner of verified paxum account able to do exactly the same.

                All you was need to do is read their manual, follow instructions and send 0.25$ to the account you target for investigation, in return they provided all info with phone, street address, full name of beneficiary account and other info posted above.

                It was not pleasant surprise, so he immediately reported it... After short confirmation how it works they just closed ticket like it normal thing and nothing terrible..

                He started few threads at webmaster's boards, and after 10 hours and reminders, ticket was reopened and this availability was closed.

                Comment

                • Konda
                  ...
                  • Apr 2003
                  • 2280

                  #58
                  Originally posted by alextm
                  It was kind of "surprise", cook prepared gate for receive paxum payment for selling traffic trade script. He just followed the paxum documented features, available at their website and for huge surprise it appeared that not only seller can obtain all personal info of buyer, but as well any owner of verified paxum account able to do exactly the same.

                  All you was need to do is read their manual, follow instructions and send 0.25$ to the account you target for investigation, in return they provided all info with phone, street address, full name of beneficiary account and other info posted above.

                  It was not pleasant surprise, so he immediately reported it... After short confirmation how it works they just closed ticket like it normal thing and nothing terrible..

                  He started few threads at webmaster's boards, and after 10 hours and reminders, ticket was reopened and this availability was closed.
                  Crazy, so basically after it was posted here on GFY they quickly fixed it and pretend nothing was wrong and accuse the guy that reported it of lying. Amazing...

                  Comment

                  • DWB
                    Registered User
                    • Jul 2003
                    • 31779

                    #59
                    Originally posted by bigluv
                    So is personal info safe or not?
                    If you have to ask, I'd wager the answer is no.

                    Comment

                    • AllAboutCams
                      Femcams.com
                      • Jul 2011
                      • 12234

                      #60
                      Is this a joke or what are you saying everyone info is easily available or not?
                      Binance - Blockchain and Crypto Asset Exchange
                      Chaturbate make money in cams

                      Comment

                      • Google Expert
                        Webmaster
                        • Jun 2004
                        • 14294

                        #61
                        Originally posted by AllAboutCams
                        Is this a joke or what are you saying everyone info is easily available or not?
                        They fixed it by now (won't admit it), but the hole was there.

                        Comment

                        • loreen
                          myadultdesign.com
                          • May 2004
                          • 12558

                          #62
                          Originally posted by AllAboutCams
                          Is this a joke or what are you saying everyone info is easily available or not?
                          They said it's fixed now, but it was easily available before
                          Banners, logos, headers, peels, FHGs, ads, paysites, photo retouching etc: my adult design portfolio
                          My logo portfolio: PornLogos.com

                          Comment

                          • 2013
                            So Fucking Banned
                            • Dec 2012
                            • 4390

                            #63
                            Originally posted by M.A+
                            They fixed it by now (won't admit it), but the hole was there.
                            wonder if their are any other holes..

                            Comment

                            • signupdamnit
                              Confirmed User
                              • Aug 2007
                              • 6697

                              #64
                              Originally posted by Konda
                              Crazy, so basically after it was posted here on GFY they quickly fixed it and pretend nothing was wrong and accuse the guy that reported it of lying. Amazing...
                              That's how this industry is. No public apology to the people reporting this. No announcement that there was a breach. Nothing. I wonder what Paxum's "regulators" would have to say about this? Oh, that's right nothing because there are none. FinTrac only cares about Terrorism and money laundering. They aren't about protecting you. When I saw Paxum tried to present otherwise I knew right there that this company could not be trusted.

                              You don't like my posts? Put me on ignore or fuck right off. I'll say what I want.

                              Comment

                              • AllAboutCams
                                Femcams.com
                                • Jul 2011
                                • 12234

                                #65
                                Originally posted by M.A+
                                They fixed it by now (won't admit it), but the hole was there.
                                Originally posted by loreen
                                They said it's fixed now, but it was easily available before
                                Thanks

                                This is diabolical
                                Binance - Blockchain and Crypto Asset Exchange
                                Chaturbate make money in cams

                                Comment

                                • bigluv
                                  Confirmed User
                                  • Jul 2008
                                  • 850

                                  #66
                                  I wonder if this is a breach of the privacy laws in canada these days.

                                  Comment

                                  • CamTraffic
                                    Confirmed User
                                    • Feb 2008
                                    • 6538

                                    #67
                                    Originally posted by alextm
                                    I gave it to cook, response was in following format

                                    buyer_username=

                                    test=

                                    buyer_name=

                                    buyer_contact_phone=

                                    buyer_email=

                                    buyer_id=

                                    buyer_status=

                                    buyer_address_country=

                                    buyer_address_city=

                                    buyer_address_country_code=

                                    buyer_address_state=

                                    buyer_address_status=

                                    buyer_address_street=

                                    buyer_address_zip=

                                    And as I know cook is not the owner of business account, he got it using his personal paxum account features...

                                    So it looks not nice in whole..
                                    you can find the same info in my domains whois. What s the big deal?
                                    I am always buying traffic and white labels. Hit me up.
                                    Email me HERE!

                                    Comment

                                    • helterskelter808
                                      So Fucking Banned
                                      • Sep 2010
                                      • 3405

                                      #68
                                      ^ His Paxum info is in your domain's whois? That's odd.

                                      Comment

                                      • signupdamnit
                                        Confirmed User
                                        • Aug 2007
                                        • 6697

                                        #69
                                        Originally posted by CamTraffic
                                        you can find the same info in my domains whois. What s the big deal?
                                        You keep your personal address and phone number on your WHOIS? Most don't do that. Most small to medium sized webmasters at least use a po box. But I heard Paxum will not allow a po box for your address. Already we see why it's a bad idea to relent and give out your physical address.

                                        Now what happens the next time when it's all your data including all those photos of you holding your ID? Already they see they won't even admit it when a breach occurs. Do you think they will admit it then? Do you think they are going to volunteer to pay for identity protection for 10,000 people?

                                        You don't like my posts? Put me on ignore or fuck right off. I'll say what I want.

                                        Comment

                                        • bigluv
                                          Confirmed User
                                          • Jul 2008
                                          • 850

                                          #70
                                          Originally posted by signupdamnit
                                          You keep your personal address and phone number on your WHOIS? Most don't do that. Most small to medium sized webmasters at least use a po box. But I heard Paxum will not allow a po box for your address. Already we see why it's a bad idea to relent and give out your physical address.

                                          Now what happens the next time when it's all your data including all those photos of you holding your ID? Already they see they won't even admit it when a breach occurs. Do you think they will admit it then? Do you think they are going to volunteer to pay for identity protection for 10,000 people?
                                          Bingo

                                          8char

                                          Comment

                                          • signupdamnit
                                            Confirmed User
                                            • Aug 2007
                                            • 6697

                                            #71
                                            Originally posted by RuthB
                                            Everybody must follow these procedures. These procedures are also audited ON-SITE by FINTRAC and Mastercard and our banking partners, and we have never had a problem. If there was an obvious data breach like the ones you suggest could happen, our license would have been revoked a long time ago, and due to the strict privacy laws of Canada, there would likely be legal issues as well. This is simply NOT the case because we comply with ALL procedures and regulations.
                                            http://gfy.com/showpost.php?p=18959225&postcount=65

                                            So I ask again what does FINTRAC say about this breach and have they been notified? What about the privacy laws of Canada? Have you even sent out an email to all account holders? What regulations and procedures were being followed in this thread?

                                            You may think I'm an ass but people deserve to know and the way the people who reported this were treated was despicable.
                                            Last edited by signupdamnit; 05-27-2013, 10:46 AM.

                                            You don't like my posts? Put me on ignore or fuck right off. I'll say what I want.

                                            Comment

                                            • Fat Panda
                                              Porn is Dead. Move along.
                                              • Aug 2006
                                              • 13296

                                              #72
                                              if true, this is absolutely fucking RIDICULOUS and very scary. SHAME ON YOU PAXUM

                                              Comment

                                              • Ad Porn Media
                                                Confirmed User
                                                • Apr 2013
                                                • 132

                                                #73
                                                I like Paxum. I like my Paxum card and I want my data to be secured.

                                                But I think cook his telling the truth. I don't know him. I did myself verification on my old IPNs for money I sent in the past and yes, I have some informations about these peoples.

                                                So we should thank him to let Paxum know. But not publicly telling the truth.
                                                [email protected]
                                                ICQ: 684213400
                                                https://twitter.com/AdPornMedia

                                                Comment

                                                • Mr. Garibaldi
                                                  Confirmed User
                                                  • May 2007
                                                  • 741

                                                  #74
                                                  well...

                                                  Comment

                                                  • RandazzoXXX
                                                    Confirmed User
                                                    • Mar 2008
                                                    • 142

                                                    #75
                                                    What a joke. It's one thing for paxum to make a mistake or to have a stupid security hole right out in the open... sucks but shit happens. However having an employee on the forums FLATOUT LYING and acting like a trolling ditz completely makes me lose all faith in that company.

                                                    Jesus Christ, never seen such a moronic rep.

                                                    Comment

                                                    • Chris
                                                      Too lazy to set a custom title
                                                      • May 2003
                                                      • 27880

                                                      #76
                                                      I've read the replies in this thread, and it seems there has been lots of confusion as to what the whole deal was.

                                                      the "bug" that was reported, was initially thought out to be a system that will enable sellers that ship an actual product have a confirmation of the shipping address. It was a documented feature, as someone pointed out. the information enclosed was limited to a few fields as shown above, and it wasn't a hack. This also has nothing to do with any id's, those could not be accessed. We know that's a fear for many account holders.

                                                      This was conceived long ago and overlooked since. This feature was never or close to never used until now. Due to everyone's concerns about privacy, etc., we have decided to eliminate this part of our system as soon as it was brought to our attention on another public forum, which was not very long before this thread appeared. it was fixed immediately, the issue was dealt with before the gfy thread. We would have appreciated it if the person who realized it would have told us prior to making it public specially since it was already repaired. Once more, this information was mistakenly shared, it wasn't a leak and no hacking took place. This could have been used by somebody knowing the exact email address of a paxum member and using the IPN feature for sellers/buyers and even in that case all you could obtain was the shipping information for a paxum member. To make an analogy it is about the same information paypal or ebay provides when you make a purchase.

                                                      As far as Ruth is concerned, in the first replies before asking for the ticket number she had no idea that it was a feature that was already closed and thought like many people supposed that it is another false rumor that paxum is not secure or has been hacked like we see those false statements every other month. Then Ruth reacted a bit harshly as someone tried to obtain her information and make it public her replies were not about the matter at hand with the part of the IPN feature that was closed down. This is obviously not in the spirit of helping us improve our service, and she felt personally attacked by some of the comments specially when she provided a test account for people to try to reproduce the "bug" in order to improve our system. Everyone has a job to do, but when you become the target of what seems to be someone's personal vendetta, spirits heat up. Once again, we would have appreciated the user's comments way before this was blown out of proportion and not jump on boards making half documented accusations about things that we don't have a crystal ball in order to assume what the poster wanted to refer to exactly.
                                                      [email protected]

                                                      Comment

                                                      • Marcus Aurelius
                                                        No Refunds Issued.
                                                        • Apr 2003
                                                        • 14809

                                                        #77
                                                        Originally posted by Konda
                                                        Crazy, so basically after it was posted here on GFY they quickly fixed it and pretend nothing was wrong and accuse the guy that reported it of lying. Amazing...
                                                        Makes you think if you should trust a financial service like this.

                                                        Comment

                                                        • Lichen
                                                          Tube Master
                                                          • May 2004
                                                          • 1640

                                                          #78
                                                          Originally posted by Chris
                                                          We would have appreciated it if the person who realized it would have told us prior to making it public specially since it was already repaired.
                                                          He had let you know. In a ticket, which went ignored. He then made a post on GFY.

                                                          You didn't even bother to get the whole story straight before coming here with damage control.
                                                          Last edited by Lichen; 05-29-2013, 02:10 PM.

                                                          Comment

                                                          • Google Expert
                                                            Webmaster
                                                            • Jun 2004
                                                            • 14294

                                                            #79
                                                            Originally posted by Chris
                                                            I've read the replies in this thread, and it seems there has been lots of confusion as to what the whole deal was.

                                                            the "bug" that was reported, was initially thought out to be a system that will enable sellers that ship an actual product have a confirmation of the shipping address. It was a documented feature, as someone pointed out. the information enclosed was limited to a few fields as shown above, and it wasn't a hack. This also has nothing to do with any id's, those could not be accessed. We know that's a fear for many account holders.

                                                            This was conceived long ago and overlooked since. This feature was never or close to never used until now. Due to everyone's concerns about privacy, etc., we have decided to eliminate this part of our system as soon as it was brought to our attention on another public forum, which was not very long before this thread appeared. it was fixed immediately, the issue was dealt with before the gfy thread. We would have appreciated it if the person who realized it would have told us prior to making it public specially since it was already repaired. Once more, this information was mistakenly shared, it wasn't a leak and no hacking took place. This could have been used by somebody knowing the exact email address of a paxum member and using the IPN feature for sellers/buyers and even in that case all you could obtain was the shipping information for a paxum member. To make an analogy it is about the same information paypal or ebay provides when you make a purchase.

                                                            As far as Ruth is concerned, in the first replies before asking for the ticket number she had no idea that it was a feature that was already closed and thought like many people supposed that it is another false rumor that paxum is not secure or has been hacked like we see those false statements every other month. Then Ruth reacted a bit harshly as someone tried to obtain her information and make it public her replies were not about the matter at hand with the part of the IPN feature that was closed down. This is obviously not in the spirit of helping us improve our service, and she felt personally attacked by some of the comments specially when she provided a test account for people to try to reproduce the "bug" in order to improve our system. Everyone has a job to do, but when you become the target of what seems to be someone's personal vendetta, spirits heat up. Once again, we would have appreciated the user's comments way before this was blown out of proportion and not jump on boards making half documented accusations about things that we don't have a crystal ball in order to assume what the poster wanted to refer to exactly.

                                                            Comment

                                                            • Chris
                                                              Too lazy to set a custom title
                                                              • May 2003
                                                              • 27880

                                                              #80
                                                              Originally posted by Lichen
                                                              He had let you know. In a ticket, which ignored. He then made a post on GFY.

                                                              You didn't even bother to get the whole story straight before coming here with damage control.
                                                              As stated in my post that you quoted me from - this was disabled prior to this client posting it on GFY.
                                                              [email protected]

                                                              Comment

                                                              • faxxaff
                                                                Confirmed User
                                                                • Dec 2002
                                                                • 2134

                                                                #81
                                                                Originally posted by Chris
                                                                As stated in my post that you quoted me from - this was disabled prior to this client posting it on GFY.
                                                                Why not apologize to those who might have been a victim of this issue?
                                                                Asian Babes

                                                                Comment

                                                                • brassmonkey
                                                                  Pay It Forward
                                                                  • Sep 2005
                                                                  • 77397

                                                                  #82
                                                                  Originally posted by Mr. Garibaldi
                                                                  well...

                                                                  last time i saw that was epass
                                                                  TRUMP 2026 KEKAW!!! - The Laken Riley Act Is Law!
                                                                  DACA ENDED - SUPPORT AZ HCR 2060 52R - email: brassballz-at-techie.com

                                                                  Comment

                                                                  • bigluv
                                                                    Confirmed User
                                                                    • Jul 2008
                                                                    • 850

                                                                    #83
                                                                    I still like Paxum compared to the other offerings, but jesus christ, you guys can't stop stepping on your own goddamn dicks.

                                                                    Playing it down as "just shipping info" isn't cool. Neither is obviously trying to let this issue slip away without officially acknowledging it. Like, really? When would it have been serious .. when birth dates and SSN's were included?

                                                                    You guys need to learn the meaning of "get out in front of it".
                                                                    Why the fuck do you think this has blown up as big as it has done? Because you've treated the people here like chumps and it's very obvious.

                                                                    It also demonstrates, admirably, how Paxum will likely react were there to be an even bigger not internally engineered problem.

                                                                    Great going.

                                                                    Next time instead of deny deny deny how about be proactive, get the details professionally and politely and privately, and then evaluate and handle the issue. And then ACKNOWLEDGE, and APOLOGIZE or INFORM.

                                                                    Leaving this hanging for days is about the stupidest thing you could have done considering Paxum cares enough to employ two people to have a presence here.

                                                                    EDIT: To add, yeah there's confusion in this thread. Who's fault is that do you think?
                                                                    Last edited by bigluv; 05-29-2013, 03:27 PM.

                                                                    Comment

                                                                    Working...