hacked paypal account, how screwed am I?

[jfall]

I woke up this morning and found 8 paypal receipts in my email for random amounts to random people which I did not authorize. I logged into paypal and sure enough they were all listed there. Funded instantly from my bank account.

I disputed all of the transactions, changed every password to everything I have and ran Norton, Nod32, Adware and AVG (all updated) and did not find any viruses.

So I go out for an hour, come back and there is another $500.00 sent from the account. Despite finding no viruses, and changing all of my passwords.

I disputed everything then called paypal and they said they locked out the account. Do you think there will be any problems getting all of my money back?

 

[Anubis]

ouch that sucks, what sucks even worse is that paypal isnt gonna do shit for you

 

[Baked]

Was your pw Abc123?

 

[OCGuy]

Who is your bank? I would do a fraud dispute directly with them as well.

 

[Brainonska511]

Originally posted by: Ocguy31
Who is your bank? I would do a fraud dispute directly with them as well.

Especially considering how your liability at the bank jumps from $50 after the first 2 days from the incident to the entire amount of the charges.

 

[Ktulu]

This reminds me, it's probably a good time to update all my passwords.

 

[jfall]

My password is strong. I've worked in server/network administration/security for a while. I run a clean system. It's scary to think how they would have gotten in the first time, even scarier to think how they got in the second time. It could be on Paypal's end, I really don't see how it could have been on mine.

The funny thing is that they didn't change my email address or password.

 

[Maximus96]

this reminds me of how glad i am to linked a wamu account to paypal with $1.50 in it.

 

[daveshel]

The only safe paypal account is a closed paypal account.

 

[Leros]

That sucks. Reminds me what I don't have my Paypal connected to anything and I keep it as low as possible.

Credit cards have protections, banks can help you, Paypal won't do crap for you.

 

[jfall]

Well after all of this is resolved my Paypal account is being closed. They sent me a "security" device that gives me a unique key every time I login but I still will never trust it again.

 

[AkumaX]

12345? that's the combination on my luggage!

 

[OdiN]

Originally posted by: jfall
Well after all of this is resolved my Paypal account is being closed. They sent me a "security" device that gives me a unique key every time I login but I still will never trust it again.

It's basically a OTK - should be secure.

Probably using RSA?

 

[BurnItDwn]

You probably have a keylogger on your system.
antiviral software is great for virii, but it usually sucks for just about everything else ...

Do you have a firewall running on your machine?
If you do, is it actually "running" or did it shut down, or appear to shut down on it's own?

If you kill all your Firefox/MSIE/Opera/Chrome etc windows, do you still have a browser showing up in your running process lists? What if you kill it?

I've dealt with keyloggers before and they are a bitch to track down ....

 

[nerp]

Yeah you're owned somewhere.

Did you download a crack for an app on demonoid or The p1r5t3 bey recently? It's an excellent way to get people to run private, closed source, suspicious .exes.

 

[buzzsaw13]

happened to me a few weeks ago. I got this email all in chinese for a transaction for "ebay sellers fees." Changed all my passwords and Paypal got my money back to me within 2 weeks.

 

[Injury]

Did you run hijackThis and ensure that EVERYTHING listed is valid? If not, running the other crap is pretty much pointless, especially Norton.

Just to be certain, when you got these transactions in your email, did you click a link in them to go to paypal to update things? Were these images fraudulent or are the headers showing that they ARE from paypal and not some phising attempt (that worked.)?

Additionally, go with the suggestion of filing a fraud alert on all the transactions with your bank, make sure you paypal account stays locked FOREVER and when this is all over, close it. Paypal licks balls.

 

[mzinz165]

Use the Windows Character Map to choose your password, then copy paste it. If you have a keylogger, he watched you enter your old password then a new one twice. With the character map he will have no clue.

 

[Xylitol]

Originally posted by: Maximus96
this reminds me of how glad i am to linked a wamu account to paypal with $1.50 in it.

that's almost even worse. you're gonna get charged an overdraw fee if someone hacks in and spends money

 

[hanoverphist]

Originally posted by: jfall
My password is strong. I've worked in server/network administration/security for a while. I run a clean system. It's scary to think how they would have gotten in the first time, even scarier to think how they got in the second time. It could be on Paypal's end, I really don't see how it could have been on mine.

The funny thing is that they didn't change my email address or password.

maybe you did it while sleeping. sleep surfin mebbe? that would be funny. to me at least.

 

[spidey07]

Originally posted by: mzinz165
Use the Windows Character Map to choose your password, then copy paste it. If you have a keylogger, he watched you enter your old password then a new one twice. With the character map he will have no clue.

All of those problems are solved with one time passwords/tokens.

 

[Gamingphreek]

You should really, if you worked in Network Security, be monitoring your computer right now instead of asking us.

PayPal sends information from their main page via a Secure HTML connection. The problem isn't on their end - I would imagine hacking an SSL packet would be darn near impossible. If that were the case they would have reports of this happening everywhere and this would be a huge problem.

1. Run HijackThis
2. Open up Netstat -a (assuming you use Windows) and look at all your connections.
3. Open up your System process and look for something that shouldn't be there.
4. Scan your ports and look for any ports that might be open or unmasked that shouldn't be.
5. Check and make sure your DNS Cache isn't poisoned (ipconfig /flushdns and then www.doxpara.org and check your DNS server)

-Kevin

 

[SoundTheSurrender]

A good paypal account is one that isn't linked to a bank account!

 

[PieIsAwesome]

Originally posted by: Xylitol

Originally posted by: Maximus96
this reminds me of how glad i am to linked a wamu account to paypal with $1.50 in it.

that's almost even worse. you're gonna get charged an overdraw fee if someone hacks in and spends money

Wouldn't it be possible to get a bank to block all paypal withdrawals?

 

[nublikescake]

Well the only two options are:

1) The hacker still has access to your computer (keylogger) and thus has knowledge of your passwords at any given time.
2) It's a mix-up/error with Paypal and probably not something malicious.

You can try changing your Paypal password from a different, clean computer and see if the hacker can still make transactions (hopefully not!).