Re: PayPal hacking Part 1
- Subject: Re: PayPal hacking Part 1
- From: List Mom - Janice Kempf <email@hidden>
- Date: Fri, 25 Jul 2003 22:46:51 -0700
Hi all,
I am more than willing to share this adventure with all of you. I do hope
you will pass this along to all your MUG members, friends and family (and
strangers standing in line, as I do <lol>). This is long, but so much
happened that I can't make it any shorter. Because of the length of the
post, I have to post in 2 parts. Apologies up front. Also, it is not my
intention to generate FUD (Fear, Uncertainty, Doubt), but rather to have you
learn from my experience.
The Hacking (actually, it's a "Cracking"):
On July 2, 2003, as I was checking my e-mail I saw a payment verification
for an e-check for $2,000 from PayPal. Then a 2nd email for $1,000 on my
debit card. All withdrawals happened in 6 minutes.
I phoned PayPal immediately on my cell phone and my bank, at the same time,
on my landline. My bank immediately put a stop payment on the $2,000
e-check. I then closed my bank account and my debit card (had to go to the
bank later that day and physically withdraw my money and open up a brand new
account). You must do this so the hacker/crackers cannot follow your bank
money trail and hit your new accounts.
As I was talking to both my bank and PayPal, a 3rd payment verification on
my Debit card hit my PayPal account. PayPal immediately reversed it. Since
the first $1,000 charge to my debit card had already gone through to my
bank, there was nothing either could do but put me through the hoops of
paperwork (several notarized forms which had to be mailed "overnight").
When I first phoned PayPal, they wanted to verify that I was in fact "Janice
Kempf" and needed to send me an e-mail to my primary account, which was
email@hidden. My Mac.com account refused to allow me entry. They allowed
me to identify myself through other means.
When I was finished with the bank and PayPal, I immediately went to the
mac.com website and found I was locked out. I called Apple, explained my
situation and they immediately put me through to the good folks at .MAC.
They checked my account and found that someone had "guessed" my (stupid)
dictionary password and changed my log in, password, and password phrase.
(Please read! Neither Apple nor .Mac was hacked!!)
Then I realized the same had happened to my ISP account (mediacom cable).
Phoned them immediately and got back in to change my passwords, etc.
Were these two incidents (PayPal and the e-mail accounts) perpetrated by the
same person/s? Have no idea. Was this an isolated personal attack on me? I
don't think so. I do know that they changed my password Phrase to "dude,
you've been hacked" on both my e-mail accounts. Obviously this is a young
guy, possibly from the west coast, that has way too much time on his hands.
There is a very interesting Hacker/Cracker Profile by MIT head of network
security, Jeffrey Schiller <http://tinyurl.com/i3fv>. I keep this article
bookmarked.
Now I know some of you are wondering: Was she stupid enough to use the same
password and log in for all 4 of these? No. My 2 e-mail accounts were the
same password (DUH), but my PayPal and e-Bay were totally different, and
each had very complicated alpha/numeric passwords and totally unrelated
Password Phrase. How then did they get it? Everything points to the fact
that PayPal was hacked. They won't admit it, but it's been all over the web
about various people having their PayPal account hacked and their bank
accounts tapped. Last year even Dan Knight at lowendmac got nailed
<http://www.lowendmac.com/musings/02/0808.html>.
My bank and PayPal both insisted that I immediately phone the FBI and my
local P.D. So there I am, on my cell phone with the FBI, 2 local police
officers in my living room, and my landline rings and it's Ira Haynes, Apple
Security, calling to get more details about my .MAC hacking. This is when
you realize you are having a really bad day! <lol>
I sincerely believe that if anyone is going to catch these "I'm too lazy to
get off my ass and get a real job cuz this is too easy" thieves, it's going
to be Apple Security Team.
I saw several more attempts on my bank account, via PayPal, that day, but
the accounts were closed. I received forged PayPal e-mail for a week trying
to suck me in with very convincing e-mails telling me that my account was
under investigation, "here is your case number", and to now "click here and
reenter your info to lift the limitation". Only way I knew they were *not*
from PayPal was by forwarding them to <email@hidden>, who
immediately confirmed that they were indeed forged and not from PayPal.
PayPal has made me jump through some hoops, which is absolutely necessary,
and dealing with the police *and* the FBI was not something I foresaw in my
future! However, they were all very nice to me, and very compassionate
during my total hysterical meltdown.
PayPal is refunding my $1,000.