GoFuckYourself.com - Adult Webmaster Forum

Paxum: Your personal data visible for everyone (https://gfy.com/showthread.php?t=1110227)

helterskelter808 05-23-2013 09:29 AM

Quote:

Originally Posted by bigluv (Post 19637251)
So is personal info safe or not? For some reason no one has posted the info for the sample account or ruth's account.

^ Read the thread, dummy.

bigluv 05-23-2013 09:45 AM

^^ To above, thanks jackass I missed the one sentence "this has been fixed now". Doesn't really change anything.

If it indeed existed and has been fixed then I expect an announcement from Paxum that their database was compromised and they have no idea who or what info may have been disseminated.

Until that happens as far as I'm concerned the jury is out because no convincing screen shots or documents were posted. The chat with support I don't find convincing necessarily, I've dealt with enough 3rd world monkeys saying stupid stuff at paxum and at other companies.

If there was enough drama to create a thread why not post the actual evidence and blow the lid off what would be pretty stupid policies over at paxum.

I've observed first hand their shitty coding, but in this case it seems like the OP and paxum support deserve each other. For someone with a rock solid provable case I don't understand why this was so roundabout.

John. 05-23-2013 10:22 AM

Jebus...

Quote:

Originally Posted by RuthB (Post 19636071)
No I'm not afraid at all. It's the fact that someone will sink that low to try to do that, even when they cannot actually do it AND they were provided an email address to check as they requested, yet they still tried to make it personal.

That kind of thing just pisses me off :disgust


Having said that, since this is also getting twisted around, they are welcome to check [email protected] and provide the information from that account if they can.

I think you'll find we'll be hearing crickets in this thread from the OP though :2 cents:


Lichen 05-23-2013 12:58 PM

Quote:

Originally Posted by bigluv (Post 19637292)
I expect an announcement from Paxum

http://i.imgur.com/ukfYNpv.jpg

MainstreamGuy 05-23-2013 03:13 PM

I wonder how someone reaches the point to find something like this.

Was this guy diligently searching for some kind of bug and/or trying to dig very deep into something, for some reason?

Or was it just "Casuality"? And if so, how did you come up with that "Casuality"?

signupdamnit 05-23-2013 03:37 PM

Quote:

Originally Posted by bigluv (Post 19637292)
^^ To above, thanks jackass I missed the one sentence "this has been fixed now". Doesn't really change anything.

If it indeed existed and has been fixed then I expect an announcement from Paxum that their database was compromised and they have no idea who or what info may have been disseminated.

Until that happens as far as I'm concerned the jury is out because no convincing screen shots or documents were posted. The chat with support I don't find convincing necessarily, I've dealt with enough 3rd world monkeys saying stupid stuff at paxum and at other companies.

If there was enough drama to create a thread why not post the actual evidence and blow the lid off what would be pretty stupid policies over at paxum.

I've observed first hand their shitty coding, but in this case it seems like the OP and paxum support deserve each other. For someone with a rock solid provable case I don't understand why this was so roundabout.

It looks like they were trying to not even acknowledge it here. The feeling I got was that they were trying to brush off the people who took their time to bring this to our attention. In fact it seemed they were treating them like shit. That's all too common now. Obviously they aren't a very honest company. Surprise, surprise.

Of course I'm a hater for calling it as it is and what Ruth attempted to do to the people reporting this here is all well and good because she's a bro (or sis!). I should just shut up and go find someone's ass to kiss. It's just more of the same these days. I need to quit coming here for the sake of my blood pressure I think.

Bravo 05-24-2013 03:14 AM

Quote:

Originally Posted by MainstreamGuy (Post 19637842)
I wonder how someone reaches the point to find something like this.

Was this guy diligently searching for some kind of bug and/or trying to dig very deep into something, for some reason?

Or was it just "Casuality"? And if so, how did you come up with that "Casuality"?

It was kind of a "surprise": cook prepared a gate to receive paxum payments for selling a traffic trade script. He just followed the paxum documented features, available at their website, and to his huge surprise it appeared that not only can a seller obtain all personal info of a buyer, but any owner of a verified paxum account is able to do exactly the same as well.

All you needed to do was read their manual, follow the instructions and send 0.25$ to the account you target for investigation; in return they provided all info, with phone, street address, full name of the beneficiary account and other info posted above.

It was not a pleasant surprise, so he immediately reported it... After a short confirmation of how it works they just closed the ticket like it was a normal thing and nothing terrible..

He started a few threads at webmasters' boards, and after 10 hours and reminders, the ticket was reopened and this availability was closed.

Konda 05-27-2013 07:53 AM

Quote:

Originally Posted by alextm (Post 19638452)
It was kind of a "surprise": cook prepared a gate to receive paxum payments for selling a traffic trade script. He just followed the paxum documented features, available at their website, and to his huge surprise it appeared that not only can a seller obtain all personal info of a buyer, but any owner of a verified paxum account is able to do exactly the same as well.

All you needed to do was read their manual, follow the instructions and send 0.25$ to the account you target for investigation; in return they provided all info, with phone, street address, full name of the beneficiary account and other info posted above.

It was not a pleasant surprise, so he immediately reported it... After a short confirmation of how it works they just closed the ticket like it was a normal thing and nothing terrible..

He started a few threads at webmasters' boards, and after 10 hours and reminders, the ticket was reopened and this availability was closed.

Crazy, so basically after it was posted here on GFY they quickly fixed it and pretend nothing was wrong and accuse the guy that reported it of lying. Amazing...

DWB 05-27-2013 08:53 AM

Quote:

Originally Posted by bigluv (Post 19637251)
So is personal info safe or not?

If you have to ask, I'd wager the answer is no. :2 cents:

AllAboutCams 05-27-2013 09:09 AM

Is this a joke or what? Are you saying everyone's info is easily available or not?

Google Expert 05-27-2013 09:12 AM

Quote:

Originally Posted by AllAboutCams (Post 19642527)
Is this a joke or what? Are you saying everyone's info is easily available or not?

They fixed it by now (won't admit it), but the hole was there.

loreen 05-27-2013 09:14 AM

Quote:

Originally Posted by AllAboutCams (Post 19642527)
Is this a joke or what? Are you saying everyone's info is easily available or not?

They said it's fixed now, but it was easily available before :(

2013 05-27-2013 09:16 AM

Quote:

Originally Posted by M.A+ (Post 19642531)
They fixed it by now (won't admit it), but the hole was there.

wonder if there are any other holes..

signupdamnit 05-27-2013 09:19 AM

Quote:

Originally Posted by Konda (Post 19642432)
Crazy, so basically after it was posted here on GFY they quickly fixed it and pretend nothing was wrong and accuse the guy that reported it of lying. Amazing...

That's how this industry is. No public apology to the people reporting this. No announcement that there was a breach. Nothing. I wonder what Paxum's "regulators" would have to say about this? Oh, that's right nothing because there are none. FinTrac only cares about Terrorism and money laundering. They aren't about protecting you. When I saw Paxum tried to present otherwise I knew right there that this company could not be trusted.

AllAboutCams 05-27-2013 09:21 AM

Quote:

Originally Posted by M.A+ (Post 19642531)
They fixed it by now (won't admit it), but the hole was there.

Quote:

Originally Posted by loreen (Post 19642533)
They said it's fixed now, but it was easily available before :(

Thanks

This is diabolical :mad:

bigluv 05-27-2013 09:38 AM

I wonder if this is a breach of the privacy laws in canada these days.

CamTraffic 05-27-2013 09:40 AM

Quote:

Originally Posted by alextm (Post 19635986)
I gave it to cook; the response was in the following format:

buyer_username=
test=
buyer_name=
buyer_contact_phone=
buyer_email=
buyer_id=
buyer_status=
buyer_address_country=
buyer_address_city=
buyer_address_country_code=
buyer_address_state=
buyer_address_status=
buyer_address_street=
buyer_address_zip=

And as I know, cook is not the owner of a business account; he got it using his personal paxum account features...

So it does not look nice on the whole..

you can find the same info in my domain's whois. What's the big deal?

helterskelter808 05-27-2013 09:52 AM

^ His Paxum info is in your domain's whois? That's odd.

signupdamnit 05-27-2013 11:20 AM

Quote:

Originally Posted by CamTraffic (Post 19642589)
you can find the same info in my domain's whois. What's the big deal?

You keep your personal address and phone number on your WHOIS? Most don't do that. Most small to medium sized webmasters at least use a po box. But I heard Paxum will not allow a po box for your address. Already we see why it's a bad idea to relent and give out your physical address.

Now what happens the next time when it's all your data including all those photos of you holding your ID? Already they see they won't even admit it when a breach occurs. Do you think they will admit it then? Do you think they are going to volunteer to pay for identity protection for 10,000 people?

bigluv 05-27-2013 11:22 AM

Quote:

Originally Posted by signupdamnit (Post 19642773)
You keep your personal address and phone number on your WHOIS? Most don't do that. Most small to medium sized webmasters at least use a po box. But I heard Paxum will not allow a po box for your address. Already we see why it's a bad idea to relent and give out your physical address.

Now what happens the next time when it's all your data including all those photos of you holding your ID? Already they see they won't even admit it when a breach occurs. Do you think they will admit it then? Do you think they are going to volunteer to pay for identity protection for 10,000 people?

Bingo

8char

signupdamnit 05-27-2013 11:41 AM

Quote:

Originally Posted by RuthB
Everybody must follow these procedures. These procedures are also audited ON-SITE by FINTRAC and Mastercard and our banking partners, and we have never had a problem. If there was an obvious data breach like the ones you suggest could happen, our license would have been revoked a long time ago, and due to the strict privacy laws of Canada, there would likely be legal issues as well. This is simply NOT the case because we comply with ALL procedures and regulations.

https://gfy.com/showpost.php?p=18959225&postcount=65

So I ask again what does FINTRAC say about this breach and have they been notified? What about the privacy laws of Canada? Have you even sent out an email to all account holders? What regulations and procedures were being followed in this thread?

You may think I'm an ass but people deserve to know and the way the people who reported this were treated was despicable.

Fat Panda 05-27-2013 11:47 AM

if true, this is absolutely fucking RIDICULOUS and very scary. SHAME ON YOU PAXUM

Ad Porn Media 05-28-2013 08:12 AM

I like Paxum. I like my Paxum card and I want my data to be secured.

But I think cook is telling the truth. I don't know him. I did the verification myself on my old IPNs for money I sent in the past and yes, I have some information about these people.

So we should thank him for letting Paxum know. But not publicly telling the truth.

Mr. Garibaldi 05-28-2013 08:51 AM

well...

http://www.welovetheiraqiinformation...7-minister.jpg

RandazzoXXX 05-28-2013 09:17 AM

What a joke. It's one thing for paxum to make a mistake or to have a stupid security hole right out in the open... sucks but shit happens. However having an employee on the forums FLATOUT LYING and acting like a trolling ditz completely makes me lose all faith in that company.

Jesus Christ, never seen such a moronic rep.

Chris 05-29-2013 02:46 PM

I've read the replies in this thread, and it seems there has been lots of confusion as to what the whole deal was.

The "bug" that was reported was initially thought out to be a system that would enable sellers that ship an actual product to have a confirmation of the shipping address. It was a documented feature, as someone pointed out. The information enclosed was limited to a few fields as shown above, and it wasn't a hack. This also has nothing to do with any IDs; those could not be accessed. We know that's a fear for many account holders.

This was conceived long ago and overlooked since. This feature was never or close to never used until now. Due to everyone's concerns about privacy, etc., we have decided to eliminate this part of our system as soon as it was brought to our attention on another public forum, which was not very long before this thread appeared. It was fixed immediately; the issue was dealt with before the gfy thread. We would have appreciated it if the person who realized it would have told us prior to making it public, especially since it was already repaired. Once more, this information was mistakenly shared; it wasn't a leak and no hacking took place. This could have been used by somebody knowing the exact email address of a paxum member and using the IPN feature for sellers/buyers, and even in that case all you could obtain was the shipping information for a paxum member. To make an analogy, it is about the same information paypal or ebay provides when you make a purchase.

As far as Ruth is concerned, in the first replies, before asking for the ticket number, she had no idea that it was a feature that was already closed and thought, like many people supposed, that it was another false rumor that paxum is not secure or has been hacked, like we see those false statements every other month. Then Ruth reacted a bit harshly as someone tried to obtain her information and make it public; her replies were not about the matter at hand with the part of the IPN feature that was closed down. This is obviously not in the spirit of helping us improve our service, and she felt personally attacked by some of the comments, especially when she provided a test account for people to try to reproduce the "bug" in order to improve our system. Everyone has a job to do, but when you become the target of what seems to be someone's personal vendetta, spirits heat up. Once again, we would have appreciated the user's comments way before this was blown out of proportion and not jump on boards making half documented accusations about things that we don't have a crystal ball in order to assume what the poster wanted to refer to exactly.
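
Added example, not part of any post in this thread and not Paxum's code: one way to build a payment notification so that the shipping-address use case described above works without handing the same fields to any account that sends a payment. The field names are the ones quoted earlier in the thread; the `Payment` record, its two flags and the allow-list policy are assumptions.

```python
from dataclasses import dataclass

# Field names are the ones quoted in this thread; the policy below and the
# Payment record are assumptions made for this example.
BASE_FIELDS = {"buyer_id", "buyer_status"}
SHIPPING_FIELDS = {
    "buyer_name", "buyer_address_street", "buyer_address_city",
    "buyer_address_state", "buyer_address_zip", "buyer_address_country",
    "buyer_address_country_code", "buyer_address_status",
}
# Everything else (buyer_username, buyer_email, buyer_contact_phone, test)
# is on no allow-list and is therefore never sent.


@dataclass(frozen=True)
class Payment:
    payer_id: str
    payee_id: str
    ships_physical_goods: bool     # hypothetical flag set at checkout
    payer_confirmed_address: bool  # hypothetical: payer agreed to share it


def build_notification(subject: dict, payment: Payment, recipient_id: str) -> dict:
    """Reduce `subject` (the account the buyer_* fields describe) to what
    `recipient_id` may receive about it for this one payment."""
    subject_id = subject["buyer_id"]
    # Subject and recipient must be the two distinct parties of the payment.
    if subject_id == recipient_id:
        return {}
    if {subject_id, recipient_id} != {payment.payer_id, payment.payee_id}:
        return {}
    allowed = set(BASE_FIELDS)
    # Address data goes only to the payee, only about the payer, and only
    # for a shipped order where the payer confirmed the address.
    if (recipient_id == payment.payee_id
            and payment.ships_physical_goods
            and payment.payer_confirmed_address):
        allowed |= SHIPPING_FIELDS
    return {k: v for k, v in subject.items() if k in allowed}


# Constructed sample profile; every value is made up.
SAMPLE_PROFILE = {
    "buyer_username": "user_a", "test": "0", "buyer_name": "A. Example",
    "buyer_contact_phone": "+1-555-0100", "buyer_email": "a@example.test",
    "buyer_id": "1001", "buyer_status": "verified",
    "buyer_address_country": "Exampleland", "buyer_address_city": "Sample City",
    "buyer_address_country_code": "XX", "buyer_address_state": "EX",
    "buyer_address_status": "confirmed",
    "buyer_address_street": "1 Test Street", "buyer_address_zip": "00000",
}

if __name__ == "__main__":
    # A small transfer to account 1001 with nothing shipped: the sender
    # (2002) receives only the id and status.
    probe = Payment("2002", "1001", False, False)
    print(build_notification(SAMPLE_PROFILE, probe, "2002"))
    # A shipped order paid by 1001 to merchant 3003: merchant gets the address.
    order = Payment("1001", "3003", True, True)
    print(sorted(build_notification(SAMPLE_PROFILE, order, "3003")))
```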

Marcus Aurelius 05-29-2013 03:00 PM

Quote:

Originally Posted by Konda (Post 19642432)
Crazy, so basically after it was posted here on GFY they quickly fixed it and pretend nothing was wrong and accuse the guy that reported it of lying. Amazing...

Makes you think if you should trust a financial service like this.

:disgust

Lichen 05-29-2013 03:05 PM

Quote:

Originally Posted by Chris (Post 19646475)
We would have appreciated it if the person who realized it would have told us prior to making it public, especially since it was already repaired.

He had let you know. In a ticket, which went ignored. He then made a post on GFY.

You didn't even bother to get the whole story straight before coming here with damage control.

Google Expert 05-29-2013 03:08 PM

Quote:

Originally Posted by Chris (Post 19646475)
I've read the replies in this thread, and it seems there has been lots of confusion as to what the whole deal was.

The "bug" that was reported was initially thought out to be a system that would enable sellers that ship an actual product to have a confirmation of the shipping address. It was a documented feature, as someone pointed out. The information enclosed was limited to a few fields as shown above, and it wasn't a hack. This also has nothing to do with any IDs; those could not be accessed. We know that's a fear for many account holders.

This was conceived long ago and overlooked since. This feature was never or close to never used until now. Due to everyone's concerns about privacy, etc., we have decided to eliminate this part of our system as soon as it was brought to our attention on another public forum, which was not very long before this thread appeared. It was fixed immediately; the issue was dealt with before the gfy thread. We would have appreciated it if the person who realized it would have told us prior to making it public, especially since it was already repaired. Once more, this information was mistakenly shared; it wasn't a leak and no hacking took place. This could have been used by somebody knowing the exact email address of a paxum member and using the IPN feature for sellers/buyers, and even in that case all you could obtain was the shipping information for a paxum member. To make an analogy, it is about the same information paypal or ebay provides when you make a purchase.

As far as Ruth is concerned, in the first replies, before asking for the ticket number, she had no idea that it was a feature that was already closed and thought, like many people supposed, that it was another false rumor that paxum is not secure or has been hacked, like we see those false statements every other month. Then Ruth reacted a bit harshly as someone tried to obtain her information and make it public; her replies were not about the matter at hand with the part of the IPN feature that was closed down. This is obviously not in the spirit of helping us improve our service, and she felt personally attacked by some of the comments, especially when she provided a test account for people to try to reproduce the "bug" in order to improve our system. Everyone has a job to do, but when you become the target of what seems to be someone's personal vendetta, spirits heat up. Once again, we would have appreciated the user's comments way before this was blown out of proportion and not jump on boards making half documented accusations about things that we don't have a crystal ball in order to assume what the poster wanted to refer to exactly.

http://www.dissngauges.com/_img/bsd.gif

Chris 05-29-2013 03:08 PM

Quote:

Originally Posted by Lichen (Post 19646496)
He had let you know. In a ticket, which ignored. He then made a post on GFY.

You didn't even bother to get the whole story straight before coming here with damage control.

As stated in my post that you quoted me from - this was disabled prior to this client posting it on GFY.

faxxaff 05-29-2013 03:41 PM

Quote:

Originally Posted by Chris (Post 19646505)
As stated in my post that you quoted me from - this was disabled prior to this client posting it on GFY.

Why not apologize to those who might have been a victim of this issue?

brassmonkey 05-29-2013 03:58 PM

Quote:

Originally Posted by Mr. Garibaldi (Post 19644116)

last time i saw that was epass :(

bigluv 05-29-2013 04:24 PM

I still like Paxum compared to the other offerings, but jesus christ, you guys can't stop stepping on your own goddamn dicks.

Playing it down as "just shipping info" isn't cool. Neither is obviously trying to let this issue slip away without officially acknowledging it. Like, really? When would it have been serious .. when birth dates and SSN's were included?

You guys need to learn the meaning of "get out in front of it".
Why the fuck do you think this has blown up as big as it has done? Because you've treated the people here like chumps and it's very obvious.

It also demonstrates, admirably, how Paxum will likely react were there to be an even bigger not internally engineered problem.

Great going.

Next time instead of deny deny deny how about be proactive, get the details professionally and politely and privately, and then evaluate and handle the issue. And then ACKNOWLEDGE, and APOLOGIZE or INFORM.

Leaving this hanging for days is about the stupidest thing you could have done considering Paxum cares enough to employ two people to have a presence here.

EDIT: To add, yeah there's confusion in this thread. Whose fault is that do you think?


All times are GMT -7.