PayPal Account Hacked

My account got hacked and compromised with all my bank cards and details being eased from earth my details all removed and adress slightly edited, is it possible to have my account restored to its normal state? Had this account over 20 years never downloaded or opened any emails entering my security details, how could this happen?

Related Stores

PayPal
PayPal
Marketplace

Comments

  • +17

    Did you contact PayPal support? This is OzBargain.

    • +2

      This is OzBargain.

      Wait, it's not Sparta?

      • +3

        After hours only. The night is young.

      • Sparta will be the first Tasmanian AFL team

    • +2

      Sir this is a Wendy's.

      • Well then. Best I turn around and not ask for a happy ending then.

  • -5

    PayPal not open untill Monday, only found out this happene as I don't normally check my emails, I had many emails stating my account was being updated from Paypal from 1 week ago untill today

    • +2

      So you waited 1 week to allow hackers to complete what ever they wanted to do with your account?

      • +19

        Don’t be an ass.. guy might be a 70 yr old who is not on his phone/computer all day everyday like you. Just offer help if you can or pass.

        • -1

          AS soon as you see something dodgy with anything seek help straight away, do not leave it a week.

          • @AndyC1: PayPal themselves won't login and remove cards from your accounts or change address details. They are licensed as a Bank in Australia so have all the same regulations have been for at least 10 or more years.
            As for people internally hacking PayPal accounts they would be prosecuted the same as banking staff and placed into prison as its classed as obtaining funds by deception. or fraud depending on the persons actions.
            So same treatment as the banks.

            • -1

              @[Deactivated]: How long would you wait before asking for help with a hacked account?

              • +2

                @AndyC1: @AndyC1 OP didn't wait a week, he just saw the emails from a week ago. Move on.

  • +2

    how could this happen?

    Optus, Medibank, Latitude Finance hack? Probably used the same username (email) and password

    Otherwise this touches on quite a number of ways your account could be hacked, more specifically points 1, 2, 3, 4 & 10

    • Was with Optus 20 years and left them 1 year ago. I restricted my account anyway with our changing anything, hopefully my history purchase and such will be restored

      • Anyone registered with them within 5 years (I think, could be wrong) had their information leaked, so you being with them up to 1 year ago makes you likely one of the 11 million that were affected.

        • But how is PayPal related to Optus I never use PayPal to pay my Optus bills? I have 3 PayPal accounts very similar email names and my main got hacked

          • +2

            @DEvok: Used the same username and password? That's pretty much what I'm getting at, otherwise the other article I linked in my first response pretty much covers any other possibility of how your account may have been hacked.

            • @Empharand: My PayPal is linked to my nab, eBay only, but have sent payments from PayPal to PayPal, oh wait also use it for eventcimemas

              • +1

                @DEvok: I'm sure PayPal will be able to find out what happened. Hopefully they can reverse any changes and reverse any fraudulent charges (if applicable). I would be changing your password if you haven't already and enable 2FA if that's an option.

                • @Empharand: Thanks for the intensive feedback mate. I had over 20 gift cards with 0 balance must have had the guy spewing with zero money lol

                  They changed phone number Aussie mobile, and removed all history and all cards, and my profile image only what gives?

                  • @DEvok: Tried doing a bit of detective work, calling the number pretending to be someone else etc?

              • @DEvok: Wait, so it was linked to your credit card and they removed it? That's not what a hacker would do, they'd go on a spending spree.

                Also, you can't delete account history on Paypal, you can only delete the account.

                It sounds like it's an account problem, not that you were hacked

    • Glanced quickly at article, and noticed they missed #1 reason - browser extensions. You should have none or just one, uBlock Origin.

  • +2

    Clicked on any dodgy links?

    Dodgy survey websites perhaps…?

    • -1

      No, I go to the certified ones recommended ones which many use, survey sites can easily comprehend the fakes

  • +7

    Do you have 2FA enabled?

  • +1

    Change your password and enable two factor asap if you still have access to the account.

    Then check if any transactions or trusted/linked payments have been made/set up

    If you don't have access, whatever credit or debit card you have linked you should be contacting to raise that it needs replacing

    If you don't have 2fa currently, you have reused a password that's been breached a learnt the valuable lesson about unique secure passwords and should be looking at using a password manager like bitwarden etc

  • Same thing happened with my partner. Changed address and I think something else too. called PayPal and after some security checks they restored the account. They suggested setting up MFA, to which we complied . I think the password was probably the culprit as my SO has a bad habit of using the same pws across various sites.

  • +3

    I've had my PayPal account hacked multiple times over the years.

    You can do all the security tricks in the world & still get hacked. Even stopped using it, doesn't make any diff.

    Came to the conclusion that it's happening internally within PayPal.

    • +1

      You can do all the security tricks in the world & still get hacked.

      If you're using a secure unique password and 2fa and still having your account hacked….
      Well, you're either a very high profile target or you aren't actually using a secure unique password and 2fa.

      • Computer generated password & 2FA both used. Now I just store an expired card to the account, then add my current one to the account for each single transaction. Then after that, I remove the current card. That my form of security now.

      • You really think Paypal is immune to insider threats?

        • +2

          I think if it was there would be much larger cases of it, and the odds they'd 'breach' the same person multiple times over years seems unlikely

          Which do you think is more likely in most cases?Insider attack or end user security issues?

          • -1

            @SBOB:

            I think if it was there would be much larger cases of it, and the odds they'd 'breach' the same person multiple times over years seems unlikely

            Companies don't want this to become news.

      • +1

        Or they have Spy-ware or Malware on their PC or phone or both or a Virus. This is why you need to run Anti virus software on all connected devices including mobile phones.

      • If you're using a strong, unique password and 2FA like a phone app, then the chances of getting hacked are low unless Paypal really messed up, and while Paypal can be dicks about removing accounts/money, I don't think they were hacked.

        It's also possible they hacked your E-mail and got access that way? There's many avenues they could have used to access it (E-mail hacking is one), which is why it's important to always use strong, unique passwords and 2FA apps when possible. I've had my E-mail hacked before, my mother has also, which is how the offender went on a buying spree with Paypal but we did a charge back since Paypal let the payment go through despite holding it for a week and she used a credit card on the account. I was personally thrilled when my E-mail provider added phone app 2FA, now I use that and a very strong/unique password and never had issues. In fact, any account that I have had with hacking issues were the ones that I couldn't have app 2FA enable on (Instagram was bad for it as well, so much more comforting when they added it in).

        It also pays to regularly check your devices for malware/virus/ect… Just to be sure.

  • +3

    Most of the PayPal account takeovers are not from user/password anymore, they’re from stolen user agent/cookie credentials (when it says “we’ve recognised you on this device so no need to sign in etc”) meaning it bypasses 2fa. Mostly originates from unwanted malware downloaded on your device (through dodgy link or attachments). I would recommend running an antivirus software on all of your devices. Call PayPal and explain the unauthorised changes and transactions and they are usually pretty good at refunding everything (from past experience). If not contact your bank and they will chargeback the transactions, including the ones via direct debit. Make sure you change all your passwords as well as if you did have malware on your device(s) it will most likely have scraped all your passwords etc

    • You sure cookie bypasses 2fa. I get 2fa prompts on all my devices regardless of remembered login or not.

      • +1

        I’m not completely sure how their fraud prevention algorithm works but if enough of the data is replicated (same location through ip, same type of device with same browser agent etc) it is definitely possible. Marketplaces on tor (dark web) are flooded with these type of credentials for sale at the moment. (Source: Company I work for does a lot of consultancy research for financial institutions etc advising on how to mitigate these type of attacks on customers)

        Edit: it comes down to paypal trying to reduce all the barriers to complete a purchase (more sales = more revenue through fees to them). They’re playing a dangerous game trying to balance fraud prevention and profit margins.

        • 100 percent possible for non 2fa, just surprised if it gets around 2fa enabled accounts as that would be very poor 2fa practice :)

          I always get annoyed by PayPal 2fa, but it's the lesser evil than no 2fa :)

          • @SBOB: Depends if you save the signin info in the browser or not, I would advise against doing that as 2FA won't be triggered until the browser session expires.
            So if you get a virus on your PC or phone in that time your kind of screwed.

      • Yes some cookies can bypass 2FA they use another cookie to do this generally. Especially if you click yes to remembering the login so you don't need to sign in. I avoid doing that on anything critical like banking.

  • May i ask if you used PayPal on a Windows based pc or laptop? I always advise family, friends and strangers always use ones mobile phone doing any form of banking, PayPal etc and always use the providers/institutions app, well banks for exampme will try every escuse if things go south with escuses like was you Windows upto date, browser upto date blah blah blah, if you use their provided mobile app mind you you cant use if its not updated to the latest (the app forces one to uodate), then again example the bank cant say blah blah blah its your fault, anyway the old days pcs where so slow one could tell if a virus was in ones pc, these days pc are so fast one would even know if ones pc is infected, by right anti-virus in Windows should stop the possibility but why bother taking the risk, agree with above 2FA certainly one should use always

    Anyway my two cents lolz 😆 🤪 😜

    Edit: important with 2FA make sure to keep a copy of backup codes or what I do,.. example google authenticator is have a clone authenticator on another mobile, I actually have on 3 of my mobiles cause if you can't get into your authenticator you certainly won't be able to get into your authenticated accounts

    • PayPal works fine on a PC browser just have 2FA enabled and start a new browsing session each time you login. Also ignore the option that the browser gives you to save the password that way no cookies are stored with the saved info and you need to authenticate each time you login.
      You can actually disable the save passwords function in the browser as well, but as passwords get more complex having them saved can save time. I know Chrome as an example encrypts all that data.
      But certainly for banks and PayPal and the like saving the password isn't always a good idea.

  • Hope you didn't lose too much or anything

    But cancel all cards linked to the PayPal account. Everything.

    Id also get onto PayPal.

    Unfortunately, once something is compromised, you'll have to put every card/account back in one by one (including thewaiting for 2 small deposits, etc.

    • Looks like my account is safe so far, need verification from nab to have money sent or used via phone number

  • My account was never logged in via pc, O ly with my iPhone 7 plus and Vivo android.

    Had several emails having multiple profile changes

    This is one
    You've added a new email address to your PayPal account

    This is to confirm that you've added a new email address ([email protected]) to your PayPal account.

    I won't play around with my account U till PayPal fixes the issue, so first name and last name remained same.

    Phone number, email, home address house number number change, avatar removed, and removal of all cards and history spendings, also Password was changed, I was able to have access to my account since they don't have access to my email adress so somehow could reset PW through primary email.

    Yesterday U chckedd youtub videos found a site said enter your email to see if it has been leaked onto the dark web are these sites legit?
    https://haveibeenpwned.com/

    • Yes that site is fine to use, it looks at the dark web to see if your password has been hacked before.

    • Given they've added a new email address to the account that is not a good sign as they can login and make that new email the primary address.
      I'd be contacting PayPal ASAP if you can login to your account they have a 24/7 number you can ring for support rather then the sales number login to your account and use the contact us option. Phone them.

      • I tried calling +61 1800 073 263 PayPal, but it keeps saying nothing is open only Monday- Friday bussines hours, tried every department via phone computer operator.

        • Yeah it tells me Monday to Friday 8AM to 8PM when I login.
          You should be able to raise a ticket in the resolution center though.

  • +1

    I had this issue once,

    Paypal did Dog$h!t dude,

    said there was no suspicious activity, of me buying some random GC of gaming site was totally normal somehow according to them, and changing my email too. Yes I had 2factor authentication enabled too to Google authenticator app.

    Luckily there was slight amount on my bank card used. I complained to bank that transaction was fraud, etc.
    Then after bank reversed that transaction paypal reversed the other paypal balance used too. I removed that dog $h!t 2FA from google authenticator app.

    That's why I don't trust these guys so much now since then, and rather trust my VISA/MASTERCARD issued bank cards more.

  • added sms security so it texts you a code every log in

  • +1

    Are your email accounts gmail etc or an ISP provided email address?

    • I'm using Hotmail for all my accounts

      • +1

        Do you have two factor authentication setup on Hotmail, PayPal and other accounts?

  • +2

    OP
    If I was you I'd read this. (all of it) Then consider lodging a complaint with AFCA (see the page linked). This issue may be more widespread than you think, and you would be doing the PPal clientele a favour, and it may assist you getting help,refunds and further info on what happened when,how,why. You have more clout with a regulator by your side than pushing the issue uphill with a string.
    https://www.paypal.com/au/smarthelp/complaints

  • +4

    PayPal account hacked, racking up too many demerit points and crashing into another car, now in arrears on rent …

    • Damnnnn…

      Too much free time = too many forum posts when should've been looking for a way to earn money!

  • I keep getting the 2FA texts from Paypal's number when I'm not trying to login:

    PayPal: 12345 is your security code. Don't share your code.

    I login via paypal.com (by typing not clicking links etc) and change to another unique password but it's happened 3 times in recent months.

    Also, does anyone know how to generate a one time passcode? I don't get the call us option on the contact page which is apparently where the code is generated.

    • I keep getting the 2FA texts from Paypal's number when I'm not trying to login:

      Someone's trying your account? Have a check on haveibeenpwned

      • I agree someone's trying the account but I've tried to replicate the login attempt and it seems they may the password. I only get the same texts at the 2FA stage.

        Yes, my email is on the breach list.

Login or Join to leave a comment