Serious Security Issue

[TeeJay]

I'm not naming names, as that's private, but I've just received a PM from someone, who has had their paypal account hacked, and totally cleaned out. They have said that in the past few minutes, someone has actually been trying to hack their computer through the forum, and has so far used seven IP variants.

I'm not sure what's going on, or what can be done, but someone is clearly trying to fuck with us in a very nasty way.

To whoever it is, you know who you are, you know who you've stolen from, and you are going to be punished for it, in this life or the next. Whoever you are, you are absolute scum, and even the fires of Hell will be too good for you, you pathetic excuse of a creature

[2005SUBMARINER]

those with pp acounts should spend the $5 & get the verisign fab .. its a piece of mind to avoid [censored] like this ...

scary stuff man ...

[freddy333]

Sorry to hear this, but the victim ought to run FULL scans (with the latest signature files) of their computer for viruses AND spyware, especially if they store passwords & the like on it.

[Shundi]

[censored]. That.

Not sure if I'm any safer using Ubuntu and SNORT but I wouldn't want anything like that happening to anyone...I'd ask anyone whose been affected/thinks they've been affected/ had an attempt made on their info to post here...

[TeeJay]

I couldn't believe it when they told me that they'd been wiped out, but when they said that they got the warnings that someone was trying to hack them there and then... That was scary. Whoever it is, they've sure as hell got no place here, and I hope that they get caught and punished to the full extent of the law

[Mickey Padge]

Blimey, this sounds bad, I hope they did not lose too much!

[TeeJay]

Blimey, this sounds bad, I hope they did not lose too much!

I don't know how much was involved, just that they got totally cleaned out

[RobbieG]

I'm really a neophyte when it comes to this stuff, but how exactly could someone do that if you have both the Windows and aftermarket firewall on your machine? And how would they get your password to PP, and then once they had it how would they withdraw money other than sending it to themselves and if they did you get instant verification and then can't you reverse it within a certain amount of time?

I would like to hear all this, but anyway, this is why I don't keep any money in PP ever. It is a pain, but I always transfer in just as I know I'm going to need it and if I sell something I take it right out the same day...

[KB]

TeeJay can you ask whoever it is to contact admin or one of the Co-Admins directly so they can look into this?

Ken

[TeeJay]

TeeJay can you ask whoever it is to contact admin or one of the Co-Admins directly so they can look into this?

Ken

No problem, Ken, I'll pass on the info immediately

[Chino]

It's obvious the course of actions coming from the Admin team when this subject is identified.

This is unacceptable in a place like this.

[pollux1]

Hopefully it won't be too hard for admin/mods to catch the blastard.

[TeeJay]

I'm really a neophyte when it comes to this stuff, but how exactly could someone do that if you have both the Windows and aftermarket firewall on your machine? And how would they get your password to PP, and then once they had it how would they withdraw money other than sending it to themselves and if they did you get instant verification and then can't you reverse it within a certain amount of time?

I would like to hear all this, but anyway, this is why I don't keep any money in PP ever. It is a pain, but I always transfer in just as I know I'm going to need it and if I sell something I take it right out the same day...

The only thing I can think, is some kind of virus which retains passwords, but I really don't know a whole lot about the subject at all. Hackers can do some pretty scary stuff, and the thing that scares me most about them, is that they tend to be pretty mal-adjusted individuals, who either don't get it, or just don't care, that their 'shits and giggles', can seriously mess with other people's lives. Total lack of empathy, which at the end of the day, is pretty scary...

It's obvious the course of actions coming from the Admin team when this subject is identified.

This is unacceptable in a place like this.

Indeed, it's utterly unacceptable here, it's good to know the Admin team is on the case

Hopefully it won't be too hard for admin/mods to catch the blastard.

You're right there, given the security measures this site has, I think someone's just entered a whole world of pain...

[smc]

This sounds like someone who has either shared account info, has a weak password, or does not have an up to date computer with adequate protection.

[letter]

Trojans/keyloggers etc etc will leave a open a 'backdoor' on your computer to allow someone to access it.

the trojan/keylogger will log all passwords for sites such as ebay, paypal etc

could have picked the trojan up anywhere...what do you mean "someone has actually been trying to hack their computer through the forum,"

[TeeJay]

Trojans/keyloggers etc etc will leave a open a 'backdoor' on your computer to allow someone to access it.

the trojan/keylogger will log all passwords for sites such as ebay, paypal etc

could have picked the trojan up anywhere...what do you mean "someone has actually been trying to hack their computer through the forum,"

That's what they told me, so I'm simply passing on what I was told. I wondered about a keylogger, but when they said that they got warnings that they were being hacked 'real time', I felt I had to bring this to the community's attention.

[letter]

a lot of trojans will have keyloggers incorporated into them

[letter]

if the user wants i can upload nod32(antivirus) and outpost (firewall)?

also suggest spybot(free download at http://www.safer-networking.org/en/download/index.html) - make sure you update the program before scanning

[TeeJay]

Thanks for the suggestions, I'm sure they'll be very grateful

[stilty]

Not to be a "Doubting Thomas", but how do you clean out a Paypal account?

Only way I know to get money out of my account is to "send", "withdraw" or "pay" with debit card.

All of which are easily traced. So how hard would it be to figure out where the money went? There would have to a trail leading to the thief.

[letter]

paying for intangible goods on the internet

paying for goods and trying to get them shipped to another delivery address

i'd imagine the user will be able to reverse the transactions - contact paypal asap !

[TeeJay]

Not to be a "Doubting Thomas", but how do you clean out a Paypal account?

Only way I know to get money out of my account is to "send", "withdraw" or "pay" with debit card.

All of which are easily traced. So how hard would it be to figure out where the money went? There would have to a trail leading to the thief.

As above, I can only go by what I was told by the person. I know the Admin team are looking into this, so I think any further comments would be pure conjecture, and it's probably best left in their capable hands I'm sure we will be informed of any investigations and outcomes in due time

[maxman]

Thanks TeaJay for the heads up, scarry sh.. Whoever did this is a POS. I will not keep anything in PP except for transaction$$$. Some people realy suck. I hope the victim did not have to much in his acct. Mike

[bubu]

Are credit cards also open to use or money withdrawall?

[Shundi]

Are credit cards also open to use or money withdrawall?

Credit cards are pretty safe...that's why I use them to fund all of my online purchases...especially with American Express...

Anything goes wrong: They take care of it. All I have to do is notify them and then it's all good...