My Paypal account was hacked - Has your ever been hacked?

by 27 comments
My PayPal Account was hacked tonight and large payments were sent. Luckily it seems PayPal caught it as there were no funds available since I transfer funds out of that bank account daily and maintain a zero balance account. Glad I learned that system from my bank loan auditing days.

Meanwhile, I had to file my first fraudulent transaction report, on top of their internal investigation.

Wondering how often this happens, and sort of wondering how the hackers figured the password. Brute force or PC keylogger? I use RoboForm rather than type my passwords ... is that easily captured or hacked?

What else can I do to protect passwords stored on my PC? I use Sunbelt Software products Vipre and Personal Firewall, and have felt reasonably comfortable with them.

Your experiences, advice and feedback will be appreciated.

Thanks,
Kirk Ward
#internet marketing #account #hacked #paypal
  • Profile picture of the author Odhinn
    I had my Paypal hacked about a year ago, but PP was very helpful in refunding me all of my money and setting up security and all that. It took them about two days, but during that time they blocked incoming and outgoing payments to me, which was pretty annoying.

    I think you definitely need to look into your email accounts associated with the Paypal account, as that's how I assume they got in to my account as well. Fortunately, I was smart enough to change primary emails with PP when the hack occurred, but a week after, I noticed someone spamming my address book from the gmail address that had originally been used as the primary paypal.

    Of course, I immediately signed up with one of those privacy protection services for my credit cards and banking info. Nothing else ever came from this though.

    Lucky for me, a few changed passwords, some apology emails, and a few days with no payments coming in from Paypal, and I came out OK. All things considered, it wasn't that bad, though I was pretty stressed at the time.
  • Profile picture of the author Kirk Ward
    I appreciate all the feedback ... it's helpful to see what experiences others have had and what thoughts are running through their heads.

    It wasn't a problem with PayPal, they caught it immediately, and although I'm sure they have more security than what I know of , it was probably because all funds go into a zero balance sweep account, or because it was from a questionable ip address.

    I am pretty sure it was my fault, using the same password as with another login. Maybe some pseudo-IM membership site that gathers email address and passwords for their "membership" site and then looks to see if someone was dumb enough to use the same password for their junker research as they were for their banking.

    I was.

    Lesson learned, duh.

    Maybe my IQ is down to where I could work for the government.
  • Profile picture of the author ems82
    Hello,

    It is really scary that hackers are able to hack our PP accounts with the help of email accounts.so, what do you suggest? which email accounts do you think can be safer for us? i mean, hotmail? gmail? yahoo? or, something from your domain or ISP?

    Your recommendations can help many people.
  • Profile picture of the author bob_sikorski
    The phishing emails get more convincing everyday. Don't forget to forward these emails to spoof@paypal.com

    May I suggest you check the credit card and bank info you have listed with Paypal and look over your monthly statement. If someone does hack into your PP account and try to steal $100 and there is only $50 in your PP account, the remaining $50 is automatically deducted from your bank account or credit card.
  • Profile picture of the author Kirk Ward
    I recommend using an email account from your own domain. If you have an isp you can communicate with, the password can be changed, even if they hack your domain.

    My mistake was not changing my PayPal password from the one I used when I created it. I was sloppy and used the same password I use a lot for sloppy stuff. One for dangerous p[laces, and one each for all things important seems to be a bit safer.

    Thanks Bob, I already done did that.

    One additional point. The damage goes beyond me. I just got a phone call from a kid who received one of the payments. Seems he released his World of Warcraft character license to someone with a gmail account as soon as he saw the funds hit his Paypal account. Did you know that a World of Warcraft character license can sell for $300 or more? Jeez, I'm in the wrong business.

    Cheers.
  • Profile picture of the author LordXenu
    Could have happened any number of ways. phishing, keyloggers/spyware, even just plain luck. best way to avoid spyware is to NOT DOWNLOAD PIRATED SOFTWARE. I'm not saying you did, but any time I run an app that even slightly tickles me the wrong way, I do it through a virtual machine. thiss goes for all sorts of applications, including marketing software purchased on what are otherwise reputable forums. I have tinyXP installed in a virtual machine running under Sun's VirtualBox. This is all free, and should save you from the most of your spyware infections.
  • Profile picture of the author JamesCallowag
    My paypal account hasn't been hacked, but my ebay account has. It was a very bizzaree experience when my account was doing all kinds of magical things i don't even know how to do, and getting charged fees i didn't even know existed. Soon I did call their customer support and worked it all out.
  • Profile picture of the author edhan
    Anything to do with banking or money concerns, I write down the passwords in my diary. So, whenever I need to login, I will check with my faithful diary.

    I changed passwords monthly so my diary filled with crossing of passwords.

    I always believe in 'better safe than sorry'. So we ourselves need to take extra precaution to avoid things like this happening. Though some may say that it is tedious to do so but safety is always my first priority.
    • Profile picture of the author Kirk Ward
      Ed, I especially like the idea of frequent password changes. I have to do that on a couple of bank accounts. I'm surprised PayPal doesn't institute something similar.

      Thanks,
      Kirk

      Originally Posted by edhan View Post

      Anything to do with banking or money concerns, I write down the passwords in my diary. So, whenever I need to login, I will check with my faithful diary.

      I changed passwords monthly so my diary filled with crossing of passwords.

      I always believe in 'better safe than sorry'. So we ourselves need to take extra precaution to avoid things like this happening. Though some may say that it is tedious to do so but safety is always my first priority.
  • Profile picture of the author Stevecyr
    Hey.. I hope none of ur money has been stolen. And 1 request for U.. wud U try going in a bit more detail so that we can protect us from being stolen?
  • Profile picture of the author anth.elias
    As a computer geek I know a lot of the ways that hackers get into accounts, brute force does not work on PayPal. Keyloggers are one of the main reasons you could have your account hacked into. Keyloggers are very small files less than 5kb..these are the ones that hackers use not the ones that you can buy to spy on your kids.

    Not all antivirus and antispyware software programs can detect and remove the software so just because your scan came out clean don't let your guard down.

    Rule of thumb to follow is never use a GMail or hotmail account for any financial user names, only use your ISP domain and don't use that email address for anything else change your password every three months-yes it's a hassle..but it's better than the alternative.
  • Profile picture of the author abelacts
    I don't think it's got something to do with phishing. Mine was hacked before and I don't click on email links. And I don't think they stole your password from your email either. Somehow, how it happened really intrigued me until today. But fortunately, Paypal refunded all the funds.
    • Profile picture of the author Lokesh Sharma
      Originally Posted by abelacts View Post

      I don't think it's got something to do with phishing. Mine was hacked before and I don't click on email links. And I don't think they stole your password from your email either. Somehow, how it happened really intrigued me until today. But fortunately, Paypal refunded all the funds.
      I wonder if you too used to use same passwords for all your internet acocunts as was the case with Kirk...

      - Lokesh Sharma
  • Profile picture of the author marketing1012
    Far out thats scary as, I watched a documentary on hackers, scary stuff man!
  • Profile picture of the author jerodrx
    Hi Kirk,

    I use Roboform for everything, but there are two password that i dont store in
    Roboform, and i only use that paswords from my very own internet connection in
    my house or office, that two password are my Paypal account and my online banking.

    I don't know if is really possible that someone can steal your passwords from
    Roboform but i dont want to put in risk my financial information.

    And other thing is that when i'm gonna use my Paypal Account i dont use my
    PC keyboard i use the 'keyword on screen' feature on windows, because i read in
    a pc security forum that some viruses or cookies can read what are you typing on
    your keyboard, but they can't read anything is you use your mouse and the
    keyword on screen.
  • Profile picture of the author AlbertF
    I would say to never spread your Paypal login info. If you didn't and you got hacked, I would say it is a cause of a Spyware of some sort or some one somehow got into your account. I think Paypal can trance who logged in and help you.
  • Profile picture of the author Thomas Wilkinson
    Well nuts Tina, I see that my Gmails are set on https but I can't remember
    how I did that. There was a thread in here a couple of months ago on how.
  • Profile picture of the author sbucciarel
    Never had mine hacked but someone hacked someone else's account to purchase websites from me. They purchased 2 before the owner filed a dispute saying he didn't authorize any purchases. I honestly didn't know if it was him or he was indeed hacked, but I believe now he was hacked.

    I use DLGuard to deliver my sites and it has a ban customer feature. After the two sites were "sold", I banned the customer by ip and email ... Three more attempts to buy my sites came in but were aborted.
  • Profile picture of the author TorontoCarol
    Hi Kirk, nice to see you here. My daughter's paypal was hacked last year too. Big hassle, but paypal did catch it right away and fixed things up. Right after that, I got one of paypal's security keys and like using it. Not expensive and hopefully does its job.

Next Topics on Trending Feed