OT: ebay Store Hacked

[samosa4u]

Howard, I feel your pain.

Just about a month ago, somebody hacked my email. And because this person had access to my email, he used it to gain access to my Paypal. All he had to do was tell Paypal that he forgot the password and they sent to my email account a temporary password that he used. He added phone numbers to my Paypal account and made a few payments using my Paypal funds to websites I have never heard of - video game websites? He also deleted the Paypal emails sent to my email account. However, you can recover recently deleted email, and that's how I found all the emails he deleted while I was asleep. I found some emails in Russian as well - fucking bastards.

Anyways, the next day I tried to get into my Paypal account, and I couldn't. I was like "what the hell is this shit?" So, I had to reset the Paypal password, and then once I got into my Paypal account and saw what this fucker did, I was like "holy shit! I've been hacked!" I never thought it could happen to me because I always considered myself to be one of the "smart guys," but boy was I wrong!

I phoned up Paypal and was put through with a rep in a few minutes. They were very professional and refunded back the unauthorized payments within a few hours. I changed my Paypal password and my email password. I also changed all my online banking passwords, although none of them got hit. You want your passwords to be long and also use a combination of numbers, as well as letters (lower and uppercase.) You can use symbols as well. And finally, my buddy (who works in computer networking or security?) told me that I should check out KeePass. KeePass is an open source password manager. You can download it for free from their website. It's a bit difficult to understand, and so you can watch those awesome tutorials found on YouTube.

[Buythatcard]

Quote:

Originally Posted by samosa4u

Howard, I feel your pain.

Just about a month ago, somebody hacked my email. And because this person had access to my email, he used it to gain access to my Paypal. All he had to do was tell Paypal that he forgot the password and they sent to my email account a temporary password that he used. He added phone numbers to my Paypal account and made a few payments using my Paypal funds to websites I have never heard of - video game websites? He also deleted the Paypal emails sent to my email account. However, you can recover recently deleted email, and that's how I found all the emails he deleted while I was asleep. I found some emails in Russian as well - fucking bastards.

Anyways, the next day I tried to get into my Paypal account, and I couldn't. I was like "what the hell is this shit?" So, I had to reset the Paypal password, and then once I got into my Paypal account and saw what this fucker did, I was like "holy shit! I've been hacked!" I never thought it could happen to me because I always considered myself to be one of the "smart guys," but boy was I wrong!

I phoned up Paypal and was put through with a rep in a few minutes. They were very professional and refunded back the unauthorized payments within a few hours. I changed my Paypal password and my email password. I also changed all my online banking passwords, although none of them got hit. You want your passwords to be long and also use a combination of numbers, as well as letters (lower and uppercase.) You can use symbols as well. And finally, my buddy (who works in computer networking or security?) told me that I should check out KeePass. KeePass is an open source password manager. You can download it for free from their website. It's a bit difficult to understand, and so you can watch those awesome tutorials found on YouTube.

Your experience sounds so much like mine. Once they hack your eMail, they can do some serious damage. I was already using some very long passwords with all sorts of combinations.
I still wonder how they got my passwords unless some malware was installed on my PC that copied my keystrokes.
I did have a service clean up any malware after I was hacked.

[steve B]

Do not trust Paypals 2 factor authentication.

I had that happen to my paypal account about three years ago. First time they got access to my email, which allowed the hijacking of paypal They sent money to someone in Africa somewhere(I forget the country)

Paypal said it was "normal" activity....
Had to get the bank to reverse it, except for some reason they had to let the fraudulent transaction complete first.. WTF!!

Changed all passwords, moved Paypal to a different email. Setup 2 factor.

Two weeks later, same thing, except they deleted the emails about paypal off the server so I didn't get them. That super safe 2 factor authentication? They sent a text asking if we really wanted to send money to Mozambique or wherever it was. AT 3 AM.... and after they didn't hear back for a couple hours they let it go through with out approval.

2 factor authentication is worthless when it's done the way Paypal does it.

[Directly]

Was your issue using Ebays new management system since sales funds aren't transferred to Paypal anymore ?

[Santo10Fan]

This is cold comfort, but the system itself has major vulnerability since 2FA utilizes an inherently unsecure and easily cross-referenced point of entry for hackers-our phone numbers. It's still more secure than not having 2FA, but improvements are needed.

I posted on Net54 this year a thesis that 2FA tied to your device, not your phone provider account, is in fact what was originally intended. Slowly, creakily, the tech world is headed in that direction with apps like Authy that provide a push notification you simply allow or deny access with. Paypal recently added it so I highly recommend adding it there. Cryptocurrency heists are driving the evolution in identity theft security solutions.

You should run your email through the "pwned" searcher to check if it's been caught up in a data breach. The best course of action if it comes back red, unfortunately, is to abandon the account.

https://haveibeenpwned.com/
https://net54baseball.com/showthread.php?t=296679
https://authy.com/blog/two-factor-au...tter-security/

[chalupacollects]

When the dust settles I would set my target on the hacker... You already have a bank account number and cell number... Might as well file a police report and see what happens..

[steve B]

Quote:

Originally Posted by chalupacollects

When the dust settles I would set my target on the hacker... You already have a bank account number and cell number... Might as well file a police report and see what happens..

Both of them are probably unwitting intermediaries.
Steal money from one Paypal account, send it to another compromised account. Enough iterations, and it's unlikely someone at PP will follow it all the way to the actual scammer.