So my Paypal account was hacked at exactly 10:01am this morning. In the many years that I have been doing online transactions, I’ve gotten used to frauds and hacks but this one from Paypal (Unauthorized Transaction) is the biggest so far.
I had just woken up before 10am this morning and was checking the blog when I received an email alert from Paypal (thanks to the GMail pop-up alert plugin). The heading said something like “Password Reset” so I immediately logged into my email and checked what it was.
Realizing that someone tried to submit a “Forgot Password” request, I went to Paypal and logged in. After 2 failed attempts, I concluded someone got in and changed my password. But how? The first thing that came to mind was that one of the email accounts attached to my Paypal account was hacked and used to reset the password.
Knowing that my GMail is still working (and is my primary Paypal account), I hurriedly went and did another password reset. Good thing I had my bank account details ready.
After being able to log back again, I found that funds were transferred to another account (that was fast! it only took him minutes). Unfortunately, it was a sizable amount.
The first thing I did was remove all the other email accounts linked to Paypal so the hacker can’t request another password change. I also changed my passwords and details.
I then filed for Dispute with Paypal. I thought this would be easy and will be resolved in my favor. Besides, I am the one claiming the transaction was un-authorized — the burden is on the recipient to prove otherwise. I had confidence it will be alright and done with.
Around 30 to 45 minutes later, I received an email from Paypal stating the transaction is valid. What? The recipient had a Non-US, Un-verified account. Paypal did not give any details why they decided against the claimant (me) and approved the transaction and closed the dispute.
There was no other way to re-open the case so I tried calling Paypal US but the Web PIN they gave me doesn’t work and I could not get thru.
Still thinking of ways to re-open that dispute. Will update once I get things cleared.
Update: Hacker got back again using password reset. They also changed my primary email so I am locked out now (it looks like they added a new email, [email protected], and then made it primary email then deleted my email accounts). Already sent an email to PayPal support, DMed @AskPaypal and tried calling the US number many times to no avail.
Update 2: I believe it was my fault that I did not immediately change my GMail account. It was the one that was compromised although the password on the email was not changed the first time around, that’s why I did not suspect the initial breach to come from there. I have since added the 2-step authentication method which also requires a PIN sent thru my mobile phone via SMS.
I also called my credit card company and asked if there were any charges passed on thru Paypal and glad that there have been none. I alerted them of the possibility though and they suggested I monitor it from time to time.
Update 3: After a few exchanges with @askpaypal over Twitter, a Paypal US rep called me last night over the phone and helped me restore my account. I have since gained back my original Paypal account. The 2 fund transfers made are also now under investigation.
Update 4: I just got an email stating that my claim for un-authorized transfer has been denied due to lack of evidence. I thought that after establishing that my account was hacked, it would have been evidence enough. I’m making an appeal.
Update 5: Both of the un-authorized transfers have now been reversed and everything is back to normal. Thanks to Paypal for the quick response and to all those who extended the help (local PR, agency, fellow tweeps and especially @askpaypal). That’s 32 hours from incident to resolution.
How can I dispute? I am having the same problem as you now Sir Yuga. My paypal account was hacked too. Just now. I need help please.
I also got hacked two days ago. Someone used my paypal account to subscribe to a monthly service. It’s $59 a month. I am not usually checking my paypal but good thing I had to check yesterday to transfer money to my bank and I found out the subscription I am paying which I didn’t know. Right away I sent a dispute to paypal and also emailed the company where I said I was subscribing. I cancelled my subscription right away and am still waiting if I could get a refund.
Right. I am quite sure that Ervin Abellanosa is the one who did this because I was scammed by him recently. If you were scammed too, we can help each other to catch this gay guy. Ervin Abellanosa is the name. Text me if you want to cooperate to catch him.. 0905-3277166
So I changed my password now in Paypal and checked other security settings. I think Paypal should add more security features when sending funds. Like in EON, a transaction password which is different from the password should be entered before a transfer passes thru.
Glad to know that it has been resolved.
I think someone is watching you here…. I’ve checked your contact details. Are your email and paypal account the same?
Shouldn’t you report this to the authorities? Or NBI?
Sir Abe, after the dust settles down on this and after you find out how exactly the hacker got your account, maybe you could provide us some tips on how we can really secure our online accounts.
For starters, I’m already done with the 2 step verification with Google, anything else we should look into? :)
thanks in advance :)
Here’s a blog regarding this hacker.
The gay is from Cebu!
Right. This is indeed the one who did this. I am quite sure because I was scammed by him recently. If you were scammed too, we can help each other to catch this gay guy. Ervin Abellanosa is the name. Text me if you want to cooperate to catch him.. 0905-3277166
Probably Paypal realizes that they are messing with the wrong guy! the biggest tech blogger in the Philippines :)
It’s a good thing they have @AskPayPal! The response is faster compared to filing a dispute in your account.
This happened to me last May 10. I was surprised when I saw 4 payments that were made which I didn’t authorize. The amount involved is very big and I immediately called PayPal to report. Here are some emails that I found during the hacking incident.
Here’s a tip. If you’re linking your bank account in your PayPal account. Make sure you’re the only one who knows the full account number. This is maybe how Yuga got hacked because your account numbers are visible on your website.
so relieved you got your account and money back. I even tweeted @askpaypal to make sure they worked on it.
@Jun yeah that’s what I think too, but I hope that’s not the case.
Congrats for getting your account and funds back.
Great that it was resolved ultimately. But you are a big influence in the Phil. Tech industry. What if the same thing happens to us lowly souls?
Still, this is scary.. I think they considered your appeal because they found out that you’re a famous blogger and it will have greater impact on users here and abroad.. So for all paypal users.. don’t leave a big amount of money in your paypal account.. always withdraw your money and leave a little.. just a precautionary measure..