Paypal

[drew_goring]

Well, until now after having my Paypal account for over 5 years (with the same simple password ) I haven't had any issues. On Jan. 31, I get an email from Paypal saying that my account has been frozen and I had to confirm my identity. I was under the impression that this was just a random thing. I logged in and it made me change my password and security question. It turns out that a hacker somehow figured out my password, logged into my account and spent 60 bucks. Already by this time Paypal had started a payment dispute and within a week I had the money back. This was very scary because the person who accessed my account had full access to withdraw money from my primary bank account.

For that Paypal gets two thumbs up for me. Within 24 hours of this happening (without my knowledge at all) they had my account locked and started a payment dispute.

For some reason I missed the initial payment email in my inbox. I have no idea how paypal realized that my account was hacked. I am assuming they used IP addresses, but I am not sure.

I just wanted to share my positive experience with Paypal.

[COMB2]

Cool

I use paypal for everything

[Shagaroo]

On Jan. 31, I get an email from Paypal saying that my account has been frozen and I had to confirm my identity ... I logged in and it made me change my password and security question. It turns out that a hacker somehow figured out my password,

Sounds like you got Phished... Hook, line and stinker!

http://www.paypal.com/cgi-bin/webscr...ySpoof-outside
http://antivirus.about.com/cs/emails...lebayscam5.htm
http://www.whitecanyon.com/newslette...scam-02-06.php

[drew_goring]

Sounds like you got Phished... Hook, line and stinker!

http://www.paypal.com/cgi-bin/webscr...ySpoof-outside
http://antivirus.about.com/cs/emails...lebayscam5.htm
http://www.whitecanyon.com/newslette...scam-02-06.php

Nope. Although I do have the sum of one hundred thousand united states dollars coming any day now via western union...

That is what I first thought when I got the email. Then I looked back and I got a transaction record email from paypal the day before that I didn't notice saying that I paid 60 bucks for a 1 year membership to megaupload, which I didn't.

I logged into my paypal account (not clicking on any email links because phishing was what I suspected), and was forced right away to change my password, security question and confirm my address (via phone which I have yet to do).

They also started a dispute for me and on the 7th I got my money back, and it is in my PP account.

[drew_goring]

Sounds like you got Phished... Hook, line and stinker!

http://www.paypal.com/cgi-bin/webscr...ySpoof-outside
http://antivirus.about.com/cs/emails...lebayscam5.htm
http://www.whitecanyon.com/newslette...scam-02-06.php

Here's the email that I got on Feb. 1...the day after the purchase was made on my account.

[mills]

That's awesome that their security is that good. I get those paypal phishing emails now and then, and it always gives you a jump when it says that somebody used your account. Glad you got your money back.

[aceswired]

I had my Ebay account hacked at some point. I could no longer log into the account - password didn't work, security question didn't work. Emailed ebay, they told me I'd been hacked and would email me a new password.

The email never came. Not in my inbox, not in my junk mail folder. Emailed to ask them to resend it, could not get a proper reply (just form responses that didn't speak to my request at all). Finally gave up and still don't have any access.

Sounds like Paypal's support is a hell of a lot better than Ebay's.

[drew_goring]

I had my Ebay account hacked at some point. I could no longer log into the account - password didn't work, security question didn't work. Emailed ebay, they told me I'd been hacked and would email me a new password.

The email never came. Not in my inbox, not in my junk mail folder. Emailed to ask them to resend it, could not get a proper reply (just form responses that didn't speak to my request at all). Finally gave up and still don't have any access.

Sounds like Paypal's support is a hell of a lot better than Ebay's.

I think if I had to contact them about anything I might have had a different experience. I never once had to email somebody, or wait for an email. I just can't believe how they determined that somebody unauthorized used my account, and then started a dispute for me...before I had any idea something happened.

[SkinnyDan]

Sounds like Paypal's support is a hell of a lot better than Ebay's.

One would think that their customer support would be the same, seeing as Ebay owns PayPal

[Monk]

Drew how crap was your password? was it "igloo1" again?

Maybe they knew because there was an internal breach where there was some password compromises, or they detected a brute force attack and then checked the password strengths. That is my guess.

Remember everyone: use STRONG PASSWORDS! Over 7 characters in length with a combination of a symbol, a number, uppercase and lowercase!

And change it every 60 days!

-W.

[aceswired]

Remember everyone: use STRONG PASSWORDS! Over 7 characters in length with a combination of a symbol, a number, uppercase and lowercase!

And change it every 60 days!

Haha - then I'd be locked out of every account I own, because I'm not nearly organized to keep up with that.

[Monk]

Haha - then I'd be locked out of every account I own, because I'm not nearly organized to keep up with that.

hehe. Well a good secret is to make it a phrase or something substituted in a kind of 'leetspeak (I know, I know terrible but it works). So for example Drew should have used My1gl00! instead as a password

-W.

[drew_goring]

hehe. Well a good secret is to make it a phrase or something substituted in a kind of 'leetspeak (I know, I know terrible but it works). So for example Drew should have used My1gl00! instead as a password

-W.

That is a great idea. I have used the same simple password for basically all of my online accounts for the past 5 years. Now I have it changed to a combination of letters, symbols and numbers. A great lesson for me to learn that could have turned out A LOT worse.

[drew_goring]

Drew how crap was your password? was it "igloo1" again?

Maybe they knew because there was an internal breach where there was some password compromises, or they detected a brute force attack and then checked the password strengths. That is my guess.

Remember everyone: use STRONG PASSWORDS! Over 7 characters in length with a combination of a symbol, a number, uppercase and lowercase!

And change it every 60 days!

-W.

I am assuming brute force as well, although I am sure there are some things that I have signed up for in the past with the same password may have contributed to it as well.

edit: actually igloo1 was a lot stronger than my old password...

[Shagaroo]

Nope. Although I do have the sum of one hundred thousand united states dollars coming any day now via western union...

That is what I first thought when I got the email. Then I looked back and I got a transaction record email from paypal the day before that I didn't notice saying that I paid 60 bucks for a 1 year membership to megaupload, which I didn't.

I logged into my paypal account (not clicking on any email links because phishing was what I suspected), and was forced right away to change my password, security question and confirm my address (via phone which I have yet to do).

They also started a dispute for me and on the 7th I got my money back, and it is in my PP account.

Interesting. Guess you just gotta quit downloading all the goatse porn or get a trojan checker...

[drew_goring]

Interesting. Guess you just gotta quit downloading all the goatse porn or get a trojan checker...

What I am thinking is it was a forum or something that somebody accessed the password through. I know that most encrypt the passwords, but a lot I guess don't either.

So you think having tubgirl as my homepage has something to do with it??

[drew_goring]

Oh, and if I told you what my password has been for the last 5 years, you would laugh at how simple it is. Any simple cracking program out be able to figure it out.

It's dumb because I know better too...I just though it could never happen to me.

[Shelby07]

I am assuming brute force as well, although I am sure there are some things that I have signed up for in the past with the same password may have contributed to it as well.

edit: actually igloo1 was a lot stronger than my old password...

Brute force is tough if you have a good password. Encryption is one way, i.e., ther is no way to take an encrypted string and decrypt it back to the original. Most brute force password crackers will encrypt common words followed by a "1" or a "2" and compare the resulting encrypted string.

I have found that taking a sentence or two and using the first letters of each word works well, then replace some of the letters with numbers. For example

The days of summer are blazingly hot!

would be

Td0sabh!

(no... I never used that one.)

We ran brute force crackers years ago against several UNIX accounts and found that "susan1" and "susan2" were the most popular.

[mace85]

I cancelled my Ebay account because someone other than me gained access and bid $1,000 on a pair of floral print mens jeans. Yeah, not only was I scammed, but the scammer must have been....well....you know....

I cancelled my PayPal account after a friend had their funds frozen after buying a part for their AR-15. It seems that PayPal has a strict anti-gun tilt. Even when conducting buisness with certain people (totally legal, legit buisness), or anything pertaining to firearms PayPal reserves the right to freeze assets. Obivously I left.

I look at it this way, in todays political climate if a private buisness wants to attack firearms because they are politically incorrect, now far behind is tobacco?

I am a shooter, and cigar smoker. I couldn't justify supporting their buisness anymore.