oldwestrec
|
posted on April 22, 2002 08:39:21 PM new
I have posted all the info here
http://www.zyworld.com/upper14/paypal.html
|
LaneFamily
|
posted on April 23, 2002 01:44:07 PM new
First I wold like to say excellent job of putting this together without showing too much emotion. You told a very clear story in my opinion. One I have heard several times before.
Thak you for sharing this with us.
Jim
|
Coonr
|
posted on April 24, 2002 09:04:51 AM new
oldwestrec,
The problem I see is when you log into Paypal, the system does not show your complete credit card number. If I remember correctly it is not even stored in the 'on-line' servers but in another system. So my question is, how did they get your credit card number, when you can not even see your own number?
[ edited by Coonr on Apr 24, 2002 09:05 AM ]
|
Flaoisland
|
posted on April 24, 2002 11:14:34 AM new
Coonr: The story is just saying someone logged into his account and made transfers from his debit credit card. I agree his phrasing could be better, but if you read the whole thing that's all he is saying.
|
Coonr
|
posted on April 24, 2002 12:33:52 PM new
He may not have ment it, but he said,
"As though that were not enough, the hacker(s)used my credit card number to ask my bank for $800 cash."
|
kevinkevin
|
posted on April 24, 2002 01:15:26 PM new
Fabulous story.
It sux that it took so long.
I would like to quote your story as on your website for documentation.
Would you mind if I did that?
secondly on your home page, you still have a link for using paypal. I hope you just forgot that, not that you are going to trust them again 
Kevin
|
stopwhining
|
posted on April 24, 2002 02:25:42 PM new
back in the gogo days of dotcom mania,there is not enough programmers in house to do programming work and i know ebay and others have contract programmers.
i recall logging on to paypal site and saw some info on paypal hiring programmers.
i wonder if these outsiders know too much of how any financial system works??
how could some of these hackers be so sophisticated to do all these hacking??
to navigate thru a complex system such as paypal ,one must know how to sidestep landmines,were there any security leaks??
|
kevinkevin
|
posted on April 24, 2002 02:43:51 PM new
Hacking paypal would probably be as easy as it was to hack ebay.
Recently ebay closed a security hole allowing anyone who knew your login to use a dictionary attack on the login.
After all these years, it was recently fixed.
Paypal is just as easily compromised I am sure.
And what's worse is they are probably growing too fast to do anything.
And if they are internally anything like authorizenet (disorganized and disinterested), Paypal is going to wait for the FBI to approach them as happened with authorizenet.
I am happy to be a part of the team that helped bring in the FBI and MasterCard to authorizenet this year. 
Kevin
|
oldwestrec
|
posted on April 24, 2002 04:47:04 PM new
To coonr
I would like that answer myself. The information they used (apparently my password and the credit card (checking card) were things only with paypal. These two items were nowhere else/
to kevinkevin
Please tell me where I have a paypal link, i thught I had changed or deleted all.
thanks,
Ron
|
stopwhining
|
posted on April 24, 2002 07:41:38 PM new
what the hell is a dictionary attack??????
|
Coonr
|
posted on April 24, 2002 08:07:30 PM new
These two items were nowhere else
I would imagine if you contact your financial institution they have your account information avaliable online. You cannot assume it was 'nowhere else.'
|
oldwestrec
|
posted on April 24, 2002 09:51:06 PM new
The point I was trying to make is that only on Paypal would you find these pieces of information together. It would strain credulity to believe that a hacker would simultaneously be hacking both paypal and my bank account. You Paypal apologists can nitpick my site all you want, but the fact remains I was robbed due to inadequate security in the Paypal system. Sorry, smugness won't protect your account.
|
Coonr
|
posted on April 25, 2002 06:06:07 AM new
I am not nit picking your page and I don't know how of if your information may have been compromised.
I do find it strains the immagination to think they could have got your information from your Paypal account if it is not there for them to get.
|
club1man
|
posted on April 25, 2002 09:56:26 AM new
Did anyone consider the possibility of an inside job.
|
stormypetr
|
posted on April 25, 2002 10:48:48 AM new
A dictionary attack is where a hacker uses every word in a dictionary to determine what your password is. They just keep plugging in words until they are let in under your user id. Ebay did not restrict the number of times you could try and login. Most systems will allow 3-10 tries at getting the password. If you don't get it, they will restrict your login until you contact them and they verify it is your account.
|
dealerjim
|
posted on April 26, 2002 12:13:17 PM new
"Did anyone consider the possibility of an inside job."
I have thought my case was an inside job from the beginning. Why else would they be so apt to harboring a criminal? PayPal Sucks!!!
|
paypaldamon
|
posted on May 1, 2002 12:53:08 PM new
Hi oldwestrec,
The PayPal system has never been hacked. In addition, the majority of employees within the company can't view credit card/bank account numbers (as an example, I can only view the last 4).
There have been quite a few spoof emails going around lately. Many users unknowingly access these sites thinking they are PayPal, which (if accessed) will give the party your email/password combination.
If you receive an email asking you for information, or stating that you need to do something to update your account, you simply need to make sure that you are accessing the site through www.paypal.com only.
|
oldwestrec
|
posted on May 1, 2002 05:46:49 PM new
To Paypal Damon:
Nice fantasy, hold on to it, you might begin to believe it.
oldwestrec
|
club1man
|
posted on May 1, 2002 11:28:32 PM new
Saying a site has never been hacked is as stupid as saying "there's never been a horse that's hasn't been rode or a cowboy that hasn't been throwed" I do agree that there are mirror sites out there, but there aren't that many people stupid enough to use them.
|
tomwiii
|
posted on May 2, 2002 02:08:48 AM new
NO?????????????????
There are TONS of folks STUPID enuf to send MOOLA to ROMANIA every day! We read about them HERE all the time!!
Never underestimate....
|
uaru
|
posted on May 2, 2002 09:11:32 AM new
club1man I do agree that there are mirror sites out there, but there aren't that many people stupid enough to use them.
"Mirror sites" are legitimate sites, you'll find they are used to give more people access to downloads quicker (netscape, microsoft, apple, use them.) Don't confuse "mirror sites" with "fake sites" there's a big difference between the two.
[ edited by uaru on May 2, 2002 09:12 AM ]
|
ltlcrafty1
|
posted on May 2, 2002 11:47:37 AM new
uaru;
What is the deal with you? Is this all you do these days? Follow Club1man around, capping on everything he says? Dissecting each sentence to see if he's made any erroneous statements?
My god, it must something else, thinking someone else ALWAYS wants YOUR two cents.
|
uaru
|
posted on May 2, 2002 12:12:23 PM new
ltlcrafty1,
I simply wanted to make it clear that there was a big difference between 'mirror sites' and 'fake sites'. If anyone had made the statement I would have corrected it.
|
club1man
|
posted on May 2, 2002 01:03:19 PM new
when I talk about mirror sites I mean ones that look like the real site but they ask for your passphrase and don't go to the secure site intended. Their were many such sites floating around on e-gold they informed their customers promptly.
|
uaru
|
posted on May 2, 2002 01:43:37 PM new
Maybe someone else can explain what a "mirror site" is. I tried.
|
