 |

10/20/09, 04:04 PM
|
 |
|
|
Join Date: Sep 2004
Posts: 565
|
|
|
My PAYPAL was hacked!
I am an author, but I was in I/T for 25 years plus.
I know computers intimately. I practice "safe computing" - I have good passwords, and never fall for phishing or the junk email that comes in.
Still, last week, my business Paypal account was emptied, and a lot of "echecks" were submitted to also drain my attached checking account.
Luckily, since I live on my computer, I saw the PayPal verification emails within an hour (and the transactions were deliberately sent slightly before midnight on Saturday night).
The good news is I caught it - immediately submitted transaction disputes - and there is only one outstanding transaction that hasn't been refunded to me. The echecks (given Monday had not come) were deleted before submission.
Still - VERY SCARY. I was out of town - what if I had not taken my laptop? I only got home today - I could have found both Paypal and checking emptied.
I tried to analyze "what did I do wrong", given how good I am on these things.
1) I only use about 5 passwords - and my gmail password matched my business paypal password - gmail was recently hacked - 'they' (appears to be in Asia somewhere) could just have tried the same in paypal and got a bingo.
2) my business paypal takes payments for my Christmas books. Easily picked up by a robot - and my password was "only" 8 letters followed by a number - not 'strong' enough by today's standards where a computer can blast passwords at an account.
My next steps.
Jan and I are setting up about 10 passwords - all strong - i.e. 8 letters/numbers MINIMUM - always 2 letters and 2 numbers, and maybe special characters too. How do you handle this (and why we hadn't done this before). We are using KeePass (open source and free) to record every place we have a password.
We also are still going with "easy for us - tough for everyone else" - i.e. words from book titles we love, numbers sprinkled in, names of children (not that we have any - but I'm not giving away what we're REALLY doing) all mixed up with numbers mixed in, and so on. Again, it ends up looking like nonsense, but 'we' know it.
Just thought I'd throw this in for discussion - I'm EXTREMELY savvy on this stuff - yet still got hacked. Not a fun experience.
|

10/20/09, 04:20 PM
|
 |
|
|
Join Date: Jun 2006
Location: Central California between Fresno & Bakersfield
Posts: 473
|
|
|
I don't trust Paypal and will never use it again. About a year ago my Paypal account was hacked. I had only used it previously one time and that was several months before the hack. I found out about it first from email messages from Paypal that I thought were phishing, so I ignored them. When I got my next credit card statement there were 5 Paypal transactions on the statement, all for under $30. I contacted the cc company and disputed the charges and they quickly credited my account (also closed that account and opened up a new one). To this day I don't really know how it happened.
__________________
A government big enough to give you everything you want, is strong enough to take everything you have.
--Thomas Jefferson
|

10/20/09, 04:28 PM
|
 |
Dallas
|
|
Join Date: Apr 2008
Location: N of Dallas, TX
Posts: 10,057
|
|
|
For security reasons I would not keep my passwords on my computer. Frankly, I keep it written but in a code. All my passwords are 8 characters or more: letters, numbers and symbols. Whenever I change them I only change 1 character so it keeps it very similar; the number tells me what the current 'changed character' is. The letter tells me what 'word' the letters are.
My written password list looks like this:
CB - S4
TO - T8
IP - P1
BN - s9
etc
I know exactly what it means but someone else would be clueless (btw, this is my real password list for anyone that wants to try)
|

10/20/09, 04:34 PM
|
|
|
|
Join Date: Jun 2006
Location: Kentucky
Posts: 2,341
|
|
|
Another example of why I avoid Ebay due to their PayPal only policy.
|

10/20/09, 04:49 PM
|
 |
Happy Scrounger
|
|
Join Date: Feb 2007
Location: South Central Wisconsin
Posts: 13,635
|
|
|
Congrats on getting on top of it so quickly. That could have been nasty.
__________________
"A good photograph is knowing where to stand." - Ansel Adams
 (and a lot of luck - Wisconsin Ann)
Rabbits anyone? RabbitTalk.com
|

10/20/09, 09:14 PM
|
 |
|
|
Join Date: Sep 2004
Posts: 565
|
|
|
I feel the same way about passwords, which is why I didn't have that many.
I looked for an encrypted password program, which is why I mentioned KeePass.
I don't like having to be more careful, but I feel I must.
|

10/20/09, 09:18 PM
|
 |
|
|
Join Date: Feb 2007
Location: KS
Posts: 2,320
|
|
|
I never use paypal and don't plan to. I shop with those on e-bay who still take money orders or checks. I ask what form of payment they take before I bid on something. If it's paypal only, then I say okay I'll just buy from another seller instead.
|

10/20/09, 09:56 PM
|
 |
Chicken Mafioso
|
|
Join Date: Oct 2005
Location: N. TX/ S. OK
Posts: 26,179
|
|
Quote:
Originally Posted by Seeker
1) I only use about 5 passwords - and my gmail password matched my business paypal password - gmail was recently hacked - 'they' (appears to be in Asia somewhere) could just have tried the same in paypal and got a bingo.
2) my business paypal takes payments for my Christmas books. Easily picked up by a robot - and my password was "only" 8 letters followed by a number - not 'strong' enough by today's standards where a computer can blast passwords at an account.
|
I use a unique password for each *critical* account (such as Paypal, server root login, etc).
I also use a combination of caps, lower case, numbers, and characters.
A password of mine looks like this: X&2t4%Dj4
But even with the most stringent security measures, it's possible to get hacked.
__________________
JESUS WAS NOT POLITICALLY CORRECT
|

10/20/09, 10:04 PM
|
 |
nosey, but disinterested
|
|
Join Date: Aug 2004
Location: Florida
Posts: 3,220
|
|
|
I can tell you exactly what happens when you don't catch it immediately. I ignored those e-mails as phishing, also. I eventually got my $1800.00 but it was like trying to pull teeth from a rhino.
__________________
Nina's Grammy
|

10/20/09, 10:17 PM
|
|
Moderator
|
|
Join Date: May 2002
Posts: 9,511
|
|
|
Here is a question for everyone...
I sometimes use my laptop when traveling and can find free wi-fi. Most of these, if not all, are reputable places like Chick-fil-A, Hampton Inn, etc. I know that just because they are reputable businesses doesn't mean that the internet wi-fi connection is safe.
Can you tell me how safe this actually is? I am generally checking email and ebay both, and most often, have to type in my passwords for those accounts. I always worry about someone hacking my accounts this way. How much concern should I have?
|

10/20/09, 11:45 PM
|
|
|
|
Join Date: Mar 2007
Posts: 3,656
|
|
|
Seeker, this happened to me too. I had to go through the whole fraud thing with the bank and I was issued a new card. Now I don't use Paypal.
__________________
"Not all who wander are lost" J.R. Tolkien
|

10/21/09, 12:41 AM
|
|
|
|
Join Date: Oct 2005
Posts: 233
|
|
Quote:
Originally Posted by clovis
Here is a question for everyone...
I sometimes use my laptop when traveling and can find free wi-fi. Most of these, if not all, are reputable places like Chick-fil-A, Hampton Inn, etc. I know that just because they are reputable businesses doesn't mean that the internet wi-fi connection is safe.
Can you tell me how safe this actually is? I am generally checking email and ebay both, and most often, have to type in my passwords for those accounts. I always worry about someone hacking my accounts this way. How much concern should I have?
|
I'm not an IT professional but I believe if a network is public, then there is not enough security. I've seen news segments (Good Morning America-style) where a hacker on the same network can look at EVERYTHING you are doing and all the data that goes back and forth. I wouldn't be accessing email or especially financial accounts on public wi-fi.
|

10/21/09, 06:41 AM
|
 |
Very Dairy
|
|
Join Date: Dec 2002
Location: Dysfunction Junction
Posts: 14,603
|
|
|
Do not link your Paypal account to a checking, savings, or CC account.
They will pester you incessantly to "get verified," etc. Tell them to tinkle up a rope!
When you want your money, request a check. Yes, it'll cost you $1.50, but that's a small price to pay, IMO.
eBay's customer service is notoriously lousy, and since Paypal is owned by eBay ,,,,,, !
__________________
"I love all of this mud," said no one, ever.
|

10/21/09, 09:21 AM
|
|
Moderator
|
|
Join Date: May 2002
Posts: 9,511
|
|
Quote:
Originally Posted by Fujiko
I'm not an IT professional but I believe if a network is public, then there is not enough security. I've seen news segments (Good Morning America-style) where a hacker on the same network can look at EVERYTHING you are doing and all the data that goes back and forth. I wouldn't be accessing email or especially financial accounts on public wi-fi.
|
Okay. I hate having to check my email using wi-fi. Normally, when I have to use it...and have no choice, I change the password the minute I get home.
I never, ever check paypal via wi-fi.
|

10/21/09, 11:42 AM
|
|
|
|
Join Date: Jan 2003
Posts: 373
|
|
|
Our paypal account was once hacked to the tune of $500. We got it back...eventually. The folks at our small town bank said they have no end of trouble with paypal and refuse to use it.
|
All times are GMT -5. The time now is 05:18 PM.