I hate PayPal


Last night I received several E-mails from PayPal, and the first E-mails said that someone with a foreign IP address was trying to access my account at 3:30 a.m. I was not to worry because PayPal blocked the transaction. At 3:31 a.m. I received the same E-mail. Then at 3:39 a.m., I get an E-mail informing that I just changed my password. Next at 3:40 a.m. I get an E-mail thanking me for changing my security questions and answers!

The problem is that while this was going on, I was at work! I did not get the e-mail until I got home. By then it was too late. The only thing PayPal said was OOP!! Oh by the way someone has your credit card information! Now I have to cancel my credit card.

My credit card company said that nothing had been charged, so that is good, but now I have to get a new card. What a pain!!!

Those are typically scam emails that try to get you to use the embedded link to "protest the charge". It's bogus and not real. No one has your credit card information because those emails probably didn't come from PayPal. I get at least 50 of those a day.
Automated Outlet, I am used to the scam E-mails, I usually just forward them to PayPal. I called them this morning, and their tech support told me that my credit card info was on the loose, and I had better do something about it. Since it was not their problem.

oh that just sux! So maybe it don't happen to others, was your password something easy to guess or a short easy number or word?

Just worried about how someone got our info, as I use Paypal myself.

Thanks and hope your problem turns out ok.

Exactly the reason that I do not put my bank info into Paypal to get "verified". I had a paypal account in the past compromised (someone sent themself a payment for an item that was never ordered or shipped). I notified Paypal about it and they did nothing! I had to dispute the charge through the credit card company. Paypal then proceeded to close out my Paypal account because I disputed a charge. ;) I never received any information that they ever even did anything about the fraudulent transaction.

No it was 8 char. upper and lower case. I don't know how they got into my account. I have not used it in 3 or so mo. I had been thinking about getting my account "Verified" by giving PayPal my bank account information. Glad I did not or I would have been "%&U^$"

Steve, that stinks.

Also, an 8-digit upper/lower password only has a bit strength of 45, which is easy for a hacker to crack.

Upping it to 10-digits raises its strength to 57, still weak

Adding numbers to the mix (at 10-digits) brings it to 59

Adding all the possible characters on your keyboard, at 10-digits, brings it to 65.

Doing the same (using all types of characters) and raising it to 20-digits, brings its strength to 130 bits.

Unfortunately, a lot of web sites limit you to alphanumeric passwords of no more than 8-digits, but most of those are not sites that hold financial information. I know PayPal can handle some long, complex passwords.

I have a few stock passwords I use that are as complex as possible, given the limitations of the sites I use them on. I have at least 130-bit passwords on all sites where any financial information is maintained.
A good system wouldn't allow brute force attacks to begin with, it would lock you out for 30 minutes or so after trying 3 times (and even if it didn't, brute forcing online accounts can be a slow process). I would be surprised if this is how they got into his Paypal account, it would be more believable that someone found a bug in the Paypal system, and exploited this.
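
Added example (not part of the thread or written by any poster): a short Python calculation of the bit-strength figures quoted above, compared against the guess rate a "3 tries, then 30 minutes locked" policy allows. It assumes every character is picked uniformly at random, a 94-symbol printable keyboard set, and an offline rate of 1e10 guesses per second for a stolen, fast-hashed password database; the sample passwords are constructed.

```python
import math
import string

# Character classes (assumption: US keyboard, 94 printable non-space symbols in total).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def alphabet_size(password):
    """Size of the union of character classes that the password draws from."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size

def entropy_bits(password):
    """Upper bound on entropy: assumes each character is chosen uniformly at random."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0

def years_to_search_half(bits, guesses_per_second):
    """Expected time to find a random password: half the keyspace at the given rate."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)

# Online rate under the lockout described in the thread: 3 tries per 30 minutes.
LOCKOUT_RATE = 3 / (30 * 60)
# Offline rate is an assumed figure for a leaked, fast-hashed password database.
OFFLINE_RATE = 1e10

def report(password):
    bits = entropy_bits(password)
    return {
        "bits": round(bits, 1),
        "online_years": years_to_search_half(bits, LOCKOUT_RATE),
        "offline_years": years_to_search_half(bits, OFFLINE_RATE),
    }

if __name__ == "__main__":
    # Constructed sample passwords, one per case discussed in the thread.
    for pw in ["aBcDeFgH", "aBcDeFgHiJ", "aBcDeFg123", "aB3$eF7!iJ"]:
        print(pw, report(pw))
```

Under these assumptions the 8-character mixed-case password sits behind hundreds of millions of years of locked-out online guessing but falls in under an hour offline, so length matters most where a password is reused on a site whose database could leak.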
That's true, e. I'm pretty sure PayPal is set up as you say. I wonder how the guy got Steve's password.

Oh, and another good password practice - don't use a password that you use to secure valuable information for things like FTP and SQL - if I remember correctly, those passwords are sent in the clear, and could be sniffed out by a hacker easily, so if you use the same username and password for FTP access to, say, your hosted web site, then a hacker could intercept them and then use them at other places.
I think there's more going on here than what we are reading about.

I would have your PC checked immediately for some type of snoop programs or a key logger program or an unsecured wireless networking program.

There were some details on this message board under "software essentials" regarding passwords being stored as text files!

I would also put in a startup password so nobody gets into your PC when you aren't home.

Maybe some budding hackers are getting at this system when the owner isn't around (like teenaged friends or whatever).

The emails actually sound like someone "phishing" for your passwords by letting on that your passwords have been changed.

These sites will tell you you better log in right away to site xxxxxx to avoid your account being compromised.

You can't really trust anything on the internet any more.

Good luck..........

And how about setting up a checking account that is used just for Paypal? Keep only the minimum funds in it. That limits the amount of the transaction by the money in the account...

Don't tie PayPal to your day-to-day accounts at all!

Then if you want to make a purchase, you transfer money to the PayPal checking account online, then pay through PayPal. Yes, it adds a step, and possibly a delay, but it keeps your accounts safe.
PS Scrambled, it could also be an insider at your ISP... or anyone that could be intercepting your email or sniffing your network connections. If you use wireless, make sure you are using all the security features.
huggy59 said:
And how about setting up a checking account that is used just for Paypal?

That's a really good idea! I use long, mixed, unique passwords for each financial site but this simple idea is one of the best. It leads to the next step of having a credit card with a similar setup.