Standard User Fens
(member) Tue 27-Mar-12 16:50:11

paypal account hacked?


I have a paypal account which I only use to pay for stuff occasionally on ebay. I used my PP account to pay for a couple of ebay items about a week ago. I've had a PP account for quite a few years without problem.

This morning I received an email from PP confirming a payment for £70 to John Smith.
I have never heard of this person and haven't authorized any payments apart from two small amounts a couple of weeks ago. Oddly about an hour or two later I received an email from John Smith (he has a hotmail account) which was ranting and calling me names. Bizarre.

I didn't click on any of the email links but accessed PP in my usual way which seems secure. There had indeed been a payment made from my account to John Smith. I checked with my bank and they confirm it also. I have changed my password on my PP account.

I am going through the Fraud Resolution thing directly with PP and hope for a good outcome.

However, what I want to know is how my account has been accessed by a third party. I've googled etc. but can't find a definitive answer. I access my eBay and PP accounts only at home on my own laptop. It is a wireless connection but is secured using WSK 2 or whatever it's called. Never had other problems of this sort before.

Can anyone explain so I can understand and protect myself for the future?

Thanks kindly.
Standard User john2007
(legend) Tue 27-Mar-12 17:06:04

Re: paypal account hacked?


[re: Fens]
Probably nothing. If you google for paypal account hacked you'll see you are not alone.

Ensure you have a decent (secret) password and remove linked banking/credit/debit card details and leave a zero balance in the account! That way if you are hacked you won't lose anything.
Standard User mixt
(experienced) Tue 27-Mar-12 18:04:19

Re: paypal account hacked?


[re: Fens]
Happened to me a while back also (by the time I had reported it to PayPal, and they had frozen my account, I think about 2 to 3 transactions had gone through). All refunded in due course.

I had an 8 character random password on my account. They may have just guessed this, or, another site where I also use this same password got compromised, and they were able to associate my email address with that password. These are the only two logical explanations I can think of.

Which is why it is:

1) a good idea to have a different password for every website you have an account with. Hard to maintain, so might be better to hash the website name (www.foo.com) to a 5 or 6 character string and then pre/postfix this with your static fixed password making a unique password for each site (I read this somewhere, not my idea originally).

2) advisable to use more characters, and more variety of characters. Looking back, my 8 characters were all lower case, and only letters. Although completely random, and not based on any dictionary word, it's still crackable.

3) worth checking if the website you register with, when you follow their password recovery process, emails you your password, or can reveal to you what it is currently set to. If they can do this, it means they are storing it plain text and not hashed so if their user information becomes compromised, your password will have been too. All sites should store passwords via hashing only, and no site should be able to tell you what your password is/was.

Now on <aaisp.net> (21CN+IPv6)
Previous ISPs: Virgin Media (50Mb/Cable), Be* Un Limited, ZeN
Is Linux routing your internet connection?
Need to make BIND geo-aware?

Edited by mixt (Tue 27-Mar-12 18:09:13)
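Point 3 above is about what the site does with your password. The following added example (not code from the post or from any site named in this thread) shows what a properly hashed password record looks like and why a site holding such a record cannot email you your current password: the record contains a random salt and a slow PBKDF2 hash, nothing that can be reversed into the password. The iteration count and the sample password are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumption: a work factor chosen for illustration; real deployments tune it to their hardware.
PBKDF2_ITERATIONS = 200_000
ALGORITHM = "pbkdf2_sha256"


def store_password(password: str, salt: Optional[bytes] = None) -> str:
    """Produce the record a site should keep: algorithm, work factor, random salt and derived hash.

    The password itself never appears in the record, so a site storing this
    cannot reveal it during password recovery.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return "$".join([
        ALGORITHM,
        str(PBKDF2_ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the hash from the stored salt and compare it in constant time."""
    algorithm, iterations, salt_b64, digest_b64 = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unknown password record format: " + algorithm)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(actual, expected)


def leak_exposes_password(record: str, password: str) -> bool:
    """What a dumped user table gives away: True only if the password is readable from the record.

    For a plaintext record (the case mixt warns about) this is trivially True.
    """
    return password in record


if __name__ == "__main__":
    # Constructed sample credential for the demonstration.
    sample = "correct horse battery staple"
    record = store_password(sample)
    print("stored record:", record)
    print("login ok:", verify_password(record, sample))
    print("wrong password rejected:", not verify_password(record, "Correct horse battery staple"))
    print("hashed record readable after a leak:", leak_exposes_password(record, sample))
    print("plaintext record readable after a leak:", leak_exposes_password(sample, sample))
```

Two records for the same password differ because each gets a fresh salt, which is what stops an attacker from precomputing one table that covers every user. The check a user can make without any code is the one mixt describes: if "forgot password" sends you the password you already had, the site is keeping something equivalent to the plaintext.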
Standard User awoodland
(regular) Tue 27-Mar-12 18:09:31

Re: paypal account hacked?


[re: mixt]
In reply to a post by mixt:
1) a good idea to have a different password for every website you have an account with. Hard to maintain, so might be better to hash the website name (www.foo.com) to a 5 or 6 character string and then pre/postfix this with your static fixed password making a unique password for each site (I read this somewhere, not my idea originally).


It's better to append/prepend/interleave your static fixed password to the domain name before hashing rather than after hashing because it makes it significantly harder to figure out the scheme (and secret) given a password leaked from even multiple sites.
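The two orderings discussed in mixt's point 1 and in this reply, side by side, as an added example (not code from either poster). Under the hash-then-append scheme the site token is computable by anyone, so one leaked password minus that token is the static secret, which unlocks every other site; under the combine-then-hash scheme the leaked value is a truncated keyed hash and the secret never appears in it. The static secret, the site names, the six-character token length and the use of HMAC as the "combine then hash" construction are all assumptions of this example.

```python
import hashlib
import hmac

# Constructed values for the demonstration; nothing here is a real credential.
STATIC_SECRET = "Tr0ub4dor&3"
SITES = ["www.foo.com", "www.bar.example"]


def site_token(domain: str, length: int = 6) -> str:
    """mixt's step: hash the site name down to a short string. Anyone can compute this."""
    return hashlib.sha256(domain.encode("utf-8")).hexdigest()[:length]


def derive_hash_then_append(static_secret: str, domain: str) -> str:
    """Scheme from the quoted post: hash the domain first, then prefix the static password."""
    return site_token(domain) + static_secret


def derive_combine_then_hash(static_secret: str, domain: str, length: int = 16) -> str:
    """awoodland's ordering: combine secret and domain, then hash.

    Keying an HMAC with the secret is the standard way to combine before hashing;
    the post names no particular construction, so this choice is an assumption.
    """
    mac = hmac.new(static_secret.encode("utf-8"), domain.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:length]


def static_part_after_token(leaked_password: str, domain: str) -> str:
    """Strip the public site token from one leaked hash-then-append password.

    What remains is the static secret, i.e. the key to every other site.
    Returns "" when the password does not start with the site's token.
    """
    token = site_token(domain)
    return leaked_password[len(token):] if leaked_password.startswith(token) else ""


def secret_appears_in(derived: str, static_secret: str) -> bool:
    """Is the static secret readable verbatim from the per-site password?"""
    return static_secret in derived


if __name__ == "__main__":
    for domain in SITES:
        a = derive_hash_then_append(STATIC_SECRET, domain)
        b = derive_combine_then_hash(STATIC_SECRET, domain)
        print(domain)
        print("  hash-then-append :", a,
              "| secret recoverable from a leak:", static_part_after_token(a, domain) == STATIC_SECRET)
        print("  combine-then-hash:", b,
              "| secret readable from a leak:   ", secret_appears_in(b, STATIC_SECRET))
```

Two caveats on the combine-then-hash output. It is a hex string, so a site that insists on upper-case letters or symbols needs a different encoding of the same digest, and truncating to 16 hex characters is what sets the strength of the per-site password. And "harder", as awoodland puts it, is not "impossible": a leaked value still allows offline guessing of the static secret, so the secret itself must be long and random.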
Standard User Huntyz
(regular) Tue 27-Mar-12 18:11:59

Re: paypal account hacked?


[re: awoodland]
On my paypal + gmail accounts it will send me an SMS with a code before it will let me login. I'm surprised you're not using this?

Standard User mixt
(experienced) Tue 27-Mar-12 18:17:32

Re: paypal account hacked?


[re: awoodland]
Nice idea!
Standard User Zadeks
(committed) Tue 27-Mar-12 19:06:45

Re: paypal account hacked?


[re: Fens]
Download a copy of Malwarebytes, update the definitions and perform a full system scan, preferably in safe mode.

Enable two-factor authentication on your PayPal account. This can be done using a mobile phone (SMS) or a dedicated dongle provided by PayPal for a small fee.
Standard User Fens
(member) Wed 28-Mar-12 12:29:36

Re: paypal account hacked?


[re: mixt]
Thanks all for the information, that's useful in trying to understand what happened.
Also thanks for the password creation tips.

btw, I have been told by PP that a full refund is on the way. No explanation why it happened though, but I think this is par for the course.

Again thanks to those with contributions. Appreciate it.