So Not Impressed (PayPal Hack)

I come home from the gym and see that $56.49 USD ($57.97 CAD) has been deducted from my bank account to pay hong kong net-flying investment & consuiting limited . I've never heard of them.

The information given about the transactions indicate:

Game Server: Sparta
Character Name: elixirs_baby

There was a second email indicating that the $56.49 USD was refunded to me, and that there was now a hold on those funds for 6 to 8 business days.

I called PayPal to make sure that my account was refunded the exact amount of CAD that I was deducted.

I then asked how there came to be a deduction from my PayPal account that I didn't authorize to a company that I've never heard of and to which I have no prior agreement with to take money from my PayPal account automatically.

She said that someone who knew my email address must have somehow figured out my password. But it seems that's all they knew because there was no attempt made to try and change passwords or other information.

Anyway, I'm lucky. I am not out of pocket any money. I went and changed my password from a very secure one to a very, very, very, very secure one (one that I had to write down for myself at home because there is no way in heck I would remember it otherwise), and I changed my secret questions and answers too.

I also found out that the hold of funds is on PayPal's side, because when you pay by debit card they advance you the money and put a hold on your funds so that they get payment. Given the fact that a refund was given, the hold on my funds was removed because PayPal got back their advanced sum.

I don't know how this came to happen. I never ever click on those PayPal emails, even if they have my full name on them. I always, always use my bookmarked link to PayPal to get to the website. So I know it wasn't "phished".

I suggest that everyone go and change their password and secret questions just to be safe. Make it a really wild and complicated password complete with small and capital letters and numbers mixed into it. The longer the better.

Yea, I use to like the "Twinkies Password" theory however even that has become an easy hack, if the hacker is using a password audit software.

That's good that you got your money back though and you weren't out by too much.

I plan on prosecuting! I am trying to find out what game has a server called "Sparta", and once I know that I can contact the police and they can contact PayPal and this hong kong company to find out the ISP and other information for the person.

Wow, I can hardly believe that happened to a paypal site!

How were you notified of the deduction from your account? I've had a Paypal account for about 8 years. I usually use it for e-Bay, but I've used it on several other sites that accept it too. I usually get an e-mail that states that the transaction has taken place. I only use my ISP e-mail address for Paypal, but I always get phishing e-mails to my yahoo account.

Originally Posted by Pookie-poo

How were you notified of the deduction from your account? I've had a Paypal account for about 8 years. I usually use it for e-Bay, but I've used it on several other sites that accept it too. I usually get an e-mail that states that the transaction has taken place. I only use my ISP e-mail address for Paypal, but I always get phishing e-mails to my yahoo account.

Click to expand...

I got a normal email directed to me with my full name saying that I have made a payment to that company.

There was a second email with my full name that said that the payment was refunded.

We didn't have it happen where any money was stolen (or attempted to) but since we have a spotless feedback record, someone did hack into our Ebay/Paypal account and post a LOT of fraud auctions. Since we don't do that much business, Ebay called us to see if they were legit, and advised us to change passwords. Our password is now LARGE, but we haven't been hacked again.

SilkRoad Online has a Sparta server

I think Paypal may be having problems. I got an email the other day stating that a transaction for someone on ebay I had bought from before had been declined by my credit card. Checked ebay and the auction was real and had been won by someone else. Checked with my bank and paypal had never put in a request for the money. I usually have paypal take funds out of my bank account rather than my credit card so something was definitely up.

I called paypal and they could see my transactions and that transaction ID was not on my account, they double checked with accounting on their end and the other person's credit card had refused payment and they are not all too sure how I got an email. I am going to be using my credit card rather than paypal for a while.

Originally Posted by Natalie_ca

I plan on prosecuting! I am trying to find out what game has a server called "Sparta", and once I know that I can contact the police and they can contact PayPal and this hong kong company to find out the ISP and other information for the person.

Click to expand...

Careful though, spoofing any name server, IP Address, username, email address, etc is very, very simple to do in the hacker world. You could wind up prosecuting a company or gaming site that really had nothing to do with the hack itself.

If you are very careful about not clicking on paypal links in emails and such, perhaps it was someone that you know? Maybe someone oversaw you typing it in? At least you got the money back, and everything sorted out right away.

My eBay account was hacked in November and is just now completely cleared up. eBay was aware that I did not order the items as it was not my IP address that the orders were made from, not the type of items I order (very expensive electronics from France).
I never place an order from any other computer, so it was random hacking that got me.

I changed all of my email adresses.

My thoughts are that this all happened on Paypal's end..sounds like there may have been a breach that they don't (didn't) know about.

Wow, that is so scary to hear Linda, I'm glad you won't be out of pocket.

Mine was 1/16/08 & 3 debits (total $1560!) were made to an UNCONFIRMED Paypal user in China! Logon was NOT from my area, which should have flagged it. I saw the emails confirming & did not click on links. Opened a new browser window & saw they really hit my PP account- called PP immediately!

They said these were obvious fakes & SHOULD have been caught by Paypal (how reassuring!)... I immediately changed ALL my PW's, security questions for Ebay, Paypal, banks, etc.

A comment was made about "something" that happened at PP in mid-December, which sounds like they knew there was a breach & didn't bother to tell users since PP would lose $. Boy, that would be a lawsuit if it happened!

It took several weeks & much of my time, but I got my money back. And PP sent me a security key device- consider getting one!

The day I called PayPal about this they assured me that because the money had been refunded by the recipient that the transaction was nullified and the money would not be taken from my bank account.

PayPal took the money anyway!! I called them and spent 1/2 hour on the phone with them (long distance at my expense!) demanding that they refund me that money immediately because I needed it for groceries (true). They said that there was nothing they could do and that it had to go through the process... x number of days before it could be refunded to me, but the refund would go by way of my Pay Pal account. If I wanted to have it back in my bank account I would have to send the money myself and it would take up to 14 business days to reach my bank. Of course when I send money to my bank account from Pay Pal, I'm charged a percentage of the amount as a FEE!

I got fed up and hung up on the guy. I called my bank and filed a fraud claim and they reversed the transaction instantly.

I'm so not impressed with Pay Pal!

I'm not sure what is going on!

I just got an email from PayPal saying that my credit card information was denied (it's closed actually). I looked at my PayPal account and see that it's all connected to that fraudulant charge from February 10th. I can't follow the trail because it's confusing.

I'm waiting for my ISP to call me back and I'm going to ask for a brand new email address. I will create a new paypal account using that email address. Then I will go and delete my bank account information from my current PayPal account so that it can only receive and transfer money from within PayPal. Any funds received in there on behalf of my Web Site, I'll just send to myself at my new Pay Pal account where I will then be able to make payments or bank transfers.

I will also ask about a security key device. Not sure what that is exactly.