On April 20, 2016, a number of Kidizen members informed us that they received a message from PayPal when they logged into their PayPal accounts suggesting that they change their password. The message from PayPal that stated the following: "Login from an unknown device near Ashburn, VA Just to be safe, let's change your security details to help your account from being used without your knowledge." PayPal then directed users to change their PayPal passwords. The following provides responses to a number of questions that have arisen as a result of this communication from PayPal. We will continue to provide updates here as we have more information to share.
UPDATE: PayPal has confirmed that there has been no security breach, nor are any accounts at risk due to purchases or cashouts made on Kidizen. PayPal is still investigating the exact cause as to why their automated system triggered the alerts you received. However, we have been assured that it is a precautionary measure that is not connected to any threat to the security of one's account.
Can you provide more information on what happened?
Some users received a warning message from PayPal when they logged into their PayPal accounts. The message was precautionary in nature and not in a response to any breach or hack. The message said that PayPal noticed that your PayPal account was being used from Virginia and that was unusual to them. As a precaution, they recommended changing your password. Again, no breach or hack happened, PayPal just sent a message to some users to be extra careful and extra safe.
When we contacted PayPal directly, they confirmed that this was a precautionary measure and that there was no flag or evidence that there was an issue in connection with Kidizen's account.
We are working to acquire more information from PayPal to clarify what triggers this message to PayPal users, and if this message has been sent to a larger group of users, beyond those who use Kidizen.
Did Kidizen get hacked or breached?
No. There is no evidence of abnormal access or activity on any our systems.
Why Ashburn, VA?
Ashburn, VA is the location of 16 very large data centers. Virginia is one of the largest data centers in the world, with tens of thousands of companies storing their data on secure servers in this location.
When PayPal states that a login came from a device near Ashburn, VA, it means that a payment request came from one of the servers located in this area.
Why was the message sent at all? I use PayPal elsewhere and don't get that message.
We are working to gather more detail from PayPal to determine if our users' activity on Kidizen triggered the message from PayPal.
PayPay is constantly monitoring their systems to detect any changes in payment flow and behavior. We recognize that a change such as Kidizen's new payment system could certainly cause PayPal to monitor our activity and our user's activity more closely. In many ways this is a good thing and we welcome the additional security precautions (although, we do apologize that may have resulted in our users needing to change their PayPal passwords). And while we worked in partnership with PayPal to make these changes to our payment system, their security team has a number of automated responses to situations that wouldn't necessarily take this partnership into account. Both PayPal's and Kidizen's security protocols have multiple checks and balances, that include precautionary measures that, at times, trigger alerts that are later found to be unneeded.
Why should I reach out to PayPal directly?
Kidizen does not have access to your PayPal account or any information stored in your PayPal account. Therefore, if there is concern regarding fraudulent activity or misuse of your PayPal account, only someone from PayPal can verify activity and details of your PayPal account.
Has the issue been resolved? Is my PayPal account safe?
We have spoken with PayPal's Fraud Department, and they have assured us that if you were prompted to change your PayPal password, that by changing your password your account is safe and the issue has been resolved. No other action is required in order to continue safely using your PayPal account.