Thursday, May 21, 2015

spammed while my Paypal account was hacked

So I woke up one normal day and checked my email. I was surprised to see thousands of new emails all spam. Like almost everyone, I get daily spam, but decently, like around thirty emails.

I had no idea what this is was all about, but it definitely looked odd.
Most of these emails were already in the bulk folder, but I like to double check, because legitimate stuff gets there occasionally.

So I start scrolling...
And after fifteen minutes, I've spotted something like "You have added a new credit card to your account". All of a sudden, I realised what was happening and I rushed to login into my Paypal. Surprise, surprise, some a few hundreds were missing as withdrawal on that new credit card.

Fortunately, I've reacted in time and Paypal was able to reverse the process so I got my cash back. Then they also helped with some logs and I've managed to investigate and find out how all this was possible:

Many years ago I have used on a forum the same email and password for creating an account. Yes, I know it was stupid, but I think that was even before having a Paypal account. Now it seems like someone hacked that forum(or maybe the admin/owner shared it on purpose who knows) and tried all those user/pass pairs on Paypal website. And at least on mine, it worked! So they wanted to grab quickly some cash, and they added their credit card. Then they spammed me. But the spammed itself triggered my alertness so I don't know if it was such a smart move.

No comments: