Thread: My Pay Pal hacked - how??

This is interesting. Luckily enough Pay Pal refunded my money within minutes and it was a small amount of cash. Any thoughts?

Here's the timeline.

Bank phones me to tell me that my credit card *may* have been comprimised and they were issuing me a new one. Details were sketchy (or they couldn't say exactly what details they had) but they finally told me that a business I had bought from recently may have been 'comprimised'. The last 3 businesses I spent money on were komplett, google and an Irish hosting company.

I get the new credit card and log the new card details with PayPal

This morning I get a confirmation email from an online store regarding a purchase through PayPal. Normally I wouldn't pay this any attention or put it down to phishing but they list my account confirmation password as an actual password that I use for PayPal!

That's pretty much it. I've changed my password now and everything is sorted. I'm a little unsettled though as to how exactly they got a password
that I normally use. I am guessing that they somehow hacked direct into my PayPal account.

Any ideas? I am fully Virus and Spyware proof here so I don't think they were key logging etc. Incidentally, the PayPal password was the same used for one of the 3 businesses used above so I am kinda thinking that they were hacked themselves or breached maybe?

very strange situation as I don't think PayPal stores the password in plain text, so the weird thing is that your password was in the email you got.

PayPal never sends your password as is meant to be encrypted.
If you forgot it they send you a link to change it, of course after few verifications emails.

Do you store your passwords in your browsers? I find Firefox very unsecure for this kind of thing. All someone needs to do is to look at your stored passwords and you're ******ed. I'm amazed that they have yet to password protect their password manager.

Originally Posted by Cormac

I'm amazed that they have yet to password protect their password manager.

Yeah they do now.

@ Cormac
I do for some websites but not Pay Pal.

That is a scary story - could have easily gone much much worse

It's a horrible thought alright, someone getting into your paypal. Glad no serious harm came of it

Originally Posted by Cormac

I'm amazed that they have yet to password protect their password manager.

The master password feature has been there for a good while hasn't it ?