Paypal Theft!

[Casdawer]

SMS service activated!

Thanks for the link!

 

[matthab]

SMS service activated.

Cheers guys.

 

[JamesRJ]

Thanks for the SMS key link, now activated on my account.

 

[Uther]

Thanks for the SMS link!

 

[gav2pac]

had exact same thing happen to me about 6 years back, 2 transactions of around £170

 

[KIA]

How exactly do they manage to get money? I mean if someone has a decent password, hasn't clicked on any random phising emails and you're not selling anything at the moment.

Phished/keylogged, always.

 

[Strife212]

I'm sure I heard their API had a glitch at one point that allowed funds to be taken.

 

[KIA]

I'm sure I heard their API had a glitch at one point that allowed funds to be taken.

Proof?

 

[Aod]

Phished/keylogged, always.

I'm in the field of IT security (Digital forensics and systems security to be precise) - I've never been caught out by a phishing scam unless a previously-legitimate website has been hacked/gone naughty and intercepted my PP-login details while i was making a payment at some point.

I only log into paypal from my computers and my computers are clean and keylogger free.

it's a Mystery without a doubt.

What on earth are you doing with a balance sitting in your Paypal account? The few infrequent times I am unfortunate enough to deal with that company I don't leave a single penny sitting in there for more than 30 seconds.

Furthermore you should only have a credit card linked to the account with no direct debit set up with your bank, thus if ever a problem like this arises you can just call the CC company and have the money back hassle free.

i had the balance in my account as i returned something and the money was refunded there. i was planning to buy something else of a similar value and didn't want the hassle of depositing it into my account, waiting the x-many days it would take to arrive, then probably having to get it out the account again.

That said, the thing i was going to buy is no longer available so i might as well deposit it at this point.

 

[Dave85]

The sms thing is good when it works just tried to buy something on ebay 2 texts didnt turn up.

 

[Energize]

How exactly do they manage to get money? I mean if someone has a decent password, hasn't clicked on any random phising emails and you're not selling anything at the moment.

Keylogger?

Saying that however, someone accessed my ebay account without knowing the password, my paypal account using the same password was untouched so they couldn't have known it.

 

[Aod]

Keylogger?

Saying that however, someone accessed my ebay account without knowing the password, my paypal account using the same password was untouched so they couldn't have known it.

stuff like that is possible but then we're getting into the (complex) realm of things like session hijacking.

 

[Fr0dders]

SMS Security Key incase anyone else wants to sign up!

Everybody realises this is useless right ?

To log in you just click the "i have lost my security token" link and answer two of your random security questions and it lets you in.

I'm guessing if they can hack his account to get his password they also had his security answers too.

 

[Energize]

stuff like that is possible but then we're getting into the (complex) realm of things like session hijacking.

With ebay's lax security I wouldn't be surprised if someone hacked into their database and changed the password hash allowing them to login with a different password.

 

[Aod]

Everybody realises this is useless right ?

To log in you just click the "i have lost my security token" link and answer two of your random security questions and it lets you in.

I'm guessing if they can hack his account to get his password they also had his security answers too.

that's why when my proper token-thingy arrives i'm going to change the answers to my "security questions" (aka gaping backdoor) to some randomly generated gibberish.

until then, the Text-messaging service isn't reliable enough...

With ebay's lax security I wouldn't be surprised if someone hacked into their database and changed the password hash allowing them to login with a different password.

possible, but if that were the case then I wouldn't have been able to login afterwards...

 

[Energize]

possible, but if that were the case then I wouldn't have been able to login afterwards...

Unless they reverted it to it's original entry to cover their tracks.

 

[Aod]

Thats the sort of espionage action i'd expect to see if they were stealing like, £100,000, not £90

 

[KIA]

I'm in the field of IT security (Digital forensics and systems security to be precise) - I've never been caught out by a phishing scam unless a previously-legitimate website has been hacked/gone naughty and intercepted my PP-login details while i was making a payment at some point.

I only log into paypal from my computers and my computers are clean and keylogger free.

it's a Mystery without a doubt.

First time for everything!

I srsly doubt it's a mystery, you just slipped up, embarrassing but it happens!

With ebay's lax security I wouldn't be surprised if someone hacked into their database and changed the password hash allowing them to login with a different password.

 

[subbytna]

What on earth are you doing with a balance sitting in your Paypal account? The few infrequent times I am unfortunate enough to deal with that company I don't leave a single penny sitting in there for more than 30 seconds.

Furthermore you should only have a credit card linked to the account with no direct debit set up with your bank, thus if ever a problem like this arises you can just call the CC company and have the money back hassle free.

totally agree...if you need to you can link your debit card via paypal to pay for stuff...I never leave more than £10 in my paypal account...any money always goes straight back into my normal bank account