Possible Security Flaw in PayPal

MoNeart
New Community Member

Another individual was able to open a PayPal and eBay account using a variation of my email. His email doesn't have a period in it, so PayPal sees it as a unique login name/email address.  Gmail sees it as not being unique, and sends these emails to my email.

 

for example:

 

If my email were <removed> any email that goes to <removed> or <removed> is seen as being the same as <removed>

 

However, if I were to try and login to paypal with <removed> that would not be seen by PayPal as the same login as my own PayPal account, which has the period; i.e. <removed>

 

So I have been getting emails for my paypal account, and this other individuals paypal account, purchases, invoices, etc. I have tried contacting paypal repeatedly about this issue with no one seeming to understand that there is a problem.

 

I have spoken to this individual, he is an older gentleman in another state, and I am certain this is just a mistake somehow caused by someone who helped him set up his email on a 'new phone'; and not an attempt at fraud. I am concerned though that this a security problem that needs to be addressed by PayPal. The potential for abuse is obvious. (I was able to reset my 'account' on ebay that this person opened and close it - because I was able to have the password reset go the 'email on record'.

 

The puzzling thing is this person claims he is still getting emails from PayPal, ebay, etc. Any test email I send though - to the <removed> just shows up in my <removed> and there is no indication he is getting that. I am not sure how this is happening here or how to get it addressed.

 

 

Login to Me Too
0 REPLIES 0

Haven't Found your Answer?

It happens. Hit the "Login to Ask the community" button to create a question for the PayPal community.