I don't have any information about this other than what's in the article. However, as a proactively paranoid precaution, I've chosen to temporarily de-associate my company's bank account from its PayPal account, just to make it impossible for an attacker to drain those funds.

I know that if this does turn out to be a legit security issue, PayPal's engineers will soon deploy a fix, after which I will just re-associate it.

The procedure is:

  1) Log into your PayPal account
  2) Click "profile"
  3) Click on "My Money"; or if you don't see that, look for the subheading "Financial Information" and click "Bank accounts"
  4) You should see a link for the bank account; select it
  5) Click "Remove"
  6) *Confirm* on the next screen (be sure to click that "confirm remove" button)
  7) See the confirmation message

That's it. Depending on your PayPal balance, you may want to try transferring funds into the account before dissociating. [EDIT: Or maybe not, sounds like it could block the disassociation procedure - check the comments below.] I don't know if you can do both in sequence quickly; fortunately our PayPal balance happened to be really low today.

It won't let me do this at the moment because a withdrawal is already pending.

I'm actually more afraid of delinking then relinking a bank account setting off some kind of red flag at PayPal's risk department than losing the balance of a bank account. PayPal's the preferred way to pay for millions of people; losing access to it forever as a business may be worth more than my current linked assets.

Man, I seriously hope I never find my business relying so heavily on another business that I mistrust that much. That would keep me awake at night.

Oh it does. And it always happens when you least expect it. I had my main source of income disappear overnight twice.

Once was when 5 chargebacks came in on one day early in a month from a set of 5 credit card payments made by a single scammer; that put my account over some chargeback percentage level allowed by my merchant account provider and they terminated me on the spot after years of service. I had to ask dozens of customers with monthly subscriptions to sign up again with another payment provider; not all of them did.

The second time Google decided it would no longer allow AdWords ads for an entire category of (perfectly legal, non-scammy) services and suspended all ads in that category, including mine. Overnight my largest source of customers is gone and is never coming back. There's still Bing/Yahoo! but nobody quite matches the reach of Google for online advertising.

At this point I plan backups for the loss of every possible business relationship just to keep myself sane... while praying I never have to switch to the backups because there's obviously a reason they're the backup and not the primary.

This seems prudent. From what I can see in our account, it's a single passwordless click to empty the associated account into the PayPal once you have the PayPal password (probably right up to the limit of the so-called "overdraft protection" on the bank account).

I was always more afraid of PayPal itself being able to get at the mandatory associated bank account, so we created a special account just to link to PayPal. It's kept mostly empty most of the time.

It was hell-and-a-half to get the bank to turn off the "overdraft protection" on the account.

I just did this, but it tells me they cannot close the account because there's a transaction open. I bought a domain yesterday. This is with the German PayPal, and a German bank, which are known to be among the most retrograde and cumbersome. Does anyone have a workaround?

Is there a way of having one's account completely deleted from PayPal by request? Through the support website? I only found a link for "close account" and I cannot use it since my account has been "limited" and I have no interest in sending PayPal even more of my personal information, like a copy of my passport and whatnot.

