
E-Privacy (Postscript)

Level 15

I find it ironic that as the author of E-Privacy, my own personal PayPal account got hacked into over the weekend. Needless to say, I was robbed of more than $300. I understand the humor here so please take a moment to laugh. Done? Good, now let's learn from this unfortunate event.

Password Protection

After speaking at length with the security people at both PayPal and my bank, I have a pretty good picture of how the thieves pilfered my account. My account was the victim of a brute force attack. From what I've learned, the thieves used this method to attack multiple random accounts until access was granted. Once access was granted, the thieves would steal a small sum of money in the hopes of having hacked a corporate account, where the absence of such small sums often goes unnoticed. At the time, my password was eight characters long and a mixture of various alphanumeric characters. I thought a password of this strength was fairly safe seeing as how the code to launch nuclear weapons in the movie WarGames was only ten characters. (Let's pray the government sees this article and ups their nuclear warhead codes to at least 128-bit encryption!)

The Discovery

Saturday morning I received several emails from PayPal confirming that my "donation to Africa" had been processed. At first, I thought this was just your typical phishing scam. However, as a matter of practice, I manually logged into my accounts (as opposed to clicking the links in the emails - never do that) to verify my money was safe. It was not. The money actually was removed from my bank account via PayPal and transferred out of the country.

SolarWinds Customer?

Fortunately for the SolarWinds customer, our products, like NPM, SAM, and WPM, among others, are very secure and continue to grow stronger at breakneck speed.

The Postscript

Even after taking all possible precautions, I was still vulnerable. At this point, the only thing left to do was to create longer and more difficult passwords and disassociate my bank account from PayPal (at least temporarily). The good news is I will get my money back. The bad news is...the hassle just sucks.

13 Comments
kevincrouch4
Level 13

I've been there. The hassle of it all does suck. My bank made me change bank account numbers and debit card numbers when I told them that my PayPal had been hacked. Not just change it in PayPal, ACTUALLY changing the account number at my bank.

I kind of wish PayPal would support the semi-standard way that Google, Microsoft, and several other big players do instead of the fob/SMS-only method they do now. When I'm at work, and several other places, I don't get cell service, but my phone is still on and working.

Bronx
Level 15

Another side note. Last time I drove across the country, the bank decided to cancel my card due to unusual, out-of-state activity. After four hours of yelling and waiting for them to turn it back on, I declared, "Call me FIRST! Ask if everything's cool. If not, THEN cancel the thing. If my card is lost or stolen I WILL CONTACT YOU IMMEDIATELY!! Do you really think I'll let the card hang out there in the wild for a month or so before I get around to calling you??"

Suffice to say, they got the message.

kevincrouch4
Level 13

A lot of people think that they can just let the card chill and they’re not responsible: “Oh, but that’s not my signature, I’m not responsible,” “I didn’t give them my PIN, you shouldn’t have taken it,” and the like. You are only not responsible for a CERTAIN AMOUNT of any charges on your card. On all the debit cards I’ve had it’s been $500 and all my credit cards I think it’s been $1000. After that, you can be responsible for it. Also, if you wait an extraordinarily long time to report it, you can be responsible for all of it for being negligent.

Bronx
Level 15

Life lesson #1694: RTFM.

kevincrouch4
Level 13

Yup. And, having worked at Best Buy, I’ve become horribly cynical in the “no one told me about it” front. It’s always freaking mentioned. Lord knows I mentioned protection plans on everyone’s phone unless they specifically said they don’t want one (I probably still mentioned it and gave them a brochure) but anytime someone breaks their phone it’s “No one told me! You should sell me a plan now!” (two years after you bought the phone and it’s already broken >.> ) “This is your fault because you didn’t tell me about the plan” (I’m pretty sure you’re the one who dropped your phone)

Bronx
Level 15

Ok, then explain this!
BB.png

Tablets - Best Buy

kevincrouch4
Level 13

Bronx
Level 15

LOL great!

clubjuggle
Level 13

PayPal now supports 2FA using the Verisign VIP Access app as a virtual token. It works even without a data connection (I tested it in airplane mode).

kevincrouch4
Level 13

Did you still have Wifi on while in airplane mode?

clubjuggle
Level 13

No. Verisign VIP and Google Authenticator are both timer based, much like a physical token.
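An added example, not part of the thread or of any commenter's post: a time-based one-time password as specified in RFC 6238 (the scheme Google Authenticator uses), showing that the code is derived only from a shared secret and the clock, which is why no network connection is needed. The secret is the RFC's published test key; the `verify` helper and its drift window are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Test secret from RFC 6238 Appendix B (not a real account secret).
SECRET = b"12345678901234567890"

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the secret and the time."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, submitted: str, server_time: int,
           last_counter: int = -1, step: int = 30, window: int = 1):
    """Hypothetical server-side check.

    Accepts codes from +/- `window` time steps to tolerate clock drift and
    rejects any step at or before `last_counter`, so a captured code cannot
    be replayed. Returns the matched counter, or None on failure.
    """
    now = server_time // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue  # already used or older: treat as a replay
        expected = totp(secret, counter * step, step, len(submitted))
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None

if __name__ == "__main__":
    phone_clock = 1111111109   # constructed: device running 2 s behind
    server_clock = 1111111111  # falls in the next 30-second step
    code = totp(SECRET, phone_clock)
    used = verify(SECRET, code, server_clock)
    print("code from offline device:", code)
    print("accepted at counter:", used)
    print("same code replayed:", verify(SECRET, code, server_clock, used))
```
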

kevincrouch4
Level 13

I actually work at Best Buy and I've had customers try that on me. My manager was about to make me match it (even though I was showing him on our computer that the price was wrong!) when I asked to see their tablet and hit refresh. They claimed it "must have changed in the last few minutes" >.> I hate people.

jkump
Level 15

I found out my debit card was toasted by the Home Depot breach. My bank called me, told me the issue, informed me that my card was dead, and informed me that I had to stop by and choose the "style" of my new card. I had a replacement 24 hours later. Sooner or later we are all going to go through this.

About the Author
Who am I? • I met Robert Frost at the end of the road less traveled, and then pointed him in the right direction. • Einstein asked me to define "Up," and I did. • I cliff dive from airplanes. • On Christmas, Santa comes to me for gifts. • I play three-cushion billiards with one hand. • Lions ask for my protection (I speak Lion). • Bobby Fischer and I came to a stalemate while playing chess. • I have literally given a woman the shirt off of my back. • I have also helped an old lady cross the street. • I know what a dangling participle is. • Mozart bequeathed his Requiem to me, and I corrected it. • I was thrown out of an Eric Clapton concert twice in the same night for drawing too much attention to myself. • I am a verbose minimalist. • I am Bronx. Who are you?