Mac Musings

Hijacked on PayPal

Dan Knight - 2002.08.06 - Tip Jar

PayPal is a great idea, giving computer users a fairly easy way to send and receive funds.

PayPal is also a dangerous idea. It is not a bank, is not required to follow banking laws, can restrict your account without any warning, and can reverse transactions months after you've shipped merchandise.

And, as I learned this morning after two days away, it can let a complete stranger hijack your PayPal account. All they have to do is guess you password, authorize their own address, change your password, and remove your old email address(es) from the account.

Just like that, they've not only been given access to whatever balance is in your PayPal account, but also the ability to access any funds in the checking account tied to your PayPal account - in my case, the business account for Cobweb Publishing.

The account was hijacked at around 4:40 p.m. Sunday (EDT), only an hour after I posted a "close Monday" sign on Low End Mac and left for vacation. I suspect the criminal may be a regular site visitor.

I've already emailed PayPal about what happened on Sunday, and I'll be attempting to contact them by phone as soon as I post this. And believe me, I'm going to be standing at the door when my bank opens this morning to put a block on transfering any funds into my PayPal account and make sure no transactions have taken place since my PayPal account was hijacked.

And to the people at PayPal: This is no way to run a business.

To the rest of you: Pick very obscure, very hard to guess passwords. Don't pick a dictionary word or part of your email address. Include numbers plus upper and lower case letters. (My regular password does all of this, but PayPal didn't think it was long enough, so I came up with a longer one that turned out to be less secure. Sigh.)

Convenient as the PayPal service is, they've made it too convenient for thieves to break into accounts. Once I clear up this mess, I plan on closing down my PayPal accounts. I can live with this level of risk.

Update, 7:45 a.m. Phone call got PayPal to put a lock on the account. Have a voice mail into PayPal investigations. Awaiting call back after 8:00 a.m. EDT.

Join us on Facebook, follow us on Twitter or Google+, or subscribe to our RSS news feed

Dan Knight has been using Macs since 1986, sold Macs for several years, supported them for many more years, and has been publishing Low End Mac since April 1997. If you find Dan's articles helpful, please consider making a donation to his tip jar.

Links for the Day

Recent Content

About LEM Support Usage Privacy Contact

Follow Low End Mac on Twitter
Join Low End Mac on Facebook

Favorite Sites

Cult of Mac
Shrine of Apple
The Mac Observer
Accelerate Your Mac
The Vintage Mac Museum
Deal Brothers
Mac Driver Museum
JAG's House
System 6 Heaven
System 7 Today
the pickle's Low-End Mac FAQ

The iTunes Store
PC Connection Express
Macgo Blu-ray Player
Parallels Desktop for Mac

Low End Mac's store


Open Link