Quicklinks: · Power Macs · 'Books · Early Macs · Week's Best Deals · Best Buys · OS Downloads

PayPal Insecurity

Dan Knight - 2002.08.08

I've used PayPal for years, and I'm convinced that they fill a very real need on the Internet. If anything, they need to do a better job of supporting users outside the US and making their services available to the worldwide audience on the World Wide Web.

They also need to beef up security.

As I discovered on Tuesday, someone using the email address lilbb@spils.com (a free email service) managed to hack my password and add his/her email address at about 3:40 p.m. Central Time on Sunday. This individual then removed my email addresses, blocking me from access to my business account.

Fortunately, I usually have less than $100 in my PayPal account. I try to keep enough there to cover some hosting and access fees that I pay with my PayPal debit card.

Unfortunately, that PayPal account is also linked to my business checking account. On the up side, this means I can send funds via PayPal even if I don't have enough in my PayPal account. PayPal will simply do an electronic funds transfer from my Fifth Third bank account, and then forward the funds to the recipient.

So all it takes for someone to clear out my business account is guessing my password, adding their email address, and then removing my access to the account before I have a chance to respond. And that's exactly what happened.

lilbb then proceeded to clean me out with a $418 and a $1,026 transaction. Another $1,844.70 was attempted, but those funds didn't clear due to insufficient funds.

We've sent out a warning to others, suggesting anyone who uses PayPal reconsider their current password. We thought ours was good, since it wasn't a dictionary word, but that wasn't enough. We recommend using upper case and lower case letters along with numbers and punctuation - all allowed by PayPal - to create a more secure password.

We've also sent email to spils.com about the hack, but we have no idea how helpful they may be. We're also enlisting the assistance of Web savvy users, asking them to check their site logs - if their logs track user IDs, they may be able to help us track down lilbb.

We sure hope so, and also that the money can be recovered. We've just lost the funds needed to pay our bills.

Where Next?

We're going to think long and hard about using PayPal in the future. The system simply isn't secure enough if all it takes is hacking a password to rob someone blind.

If we do decide to continue using PayPal, we will be smart about it and set up a completely separate checking account linked to our PayPal account. That way if someone should hack our account again, our potential loss could be greatly reduced by keeping that account balance very, very low.

We strongly urge the folks at PayPal to beef up security. It's very convenient to be able to add more email addresses to an account with a single password, but it also creates the potential for situations like this.

PayPal needs to provide more security, such as requiring use of a code emailed to an address already on the account before allowing use of any new email address. That simple step would have eliminated our problem.

PayPal should also flag suspicious behavior, such as a lightly used account suddenly being used for several transactions totaling over $3,300. Credit card companies do that kind of thing; PayPal should also.

That said, PayPal has been very helpful in locking the account. I've already filed affidavits electronically about this mess. The only disappointment is that PayPal's investigators have yet to call me back. It's been two days, I'm out $1,500 or so, and they need to do better on callbacks.

Do I recommend against using PayPal? No, or at least not yet. The service is very convenient. Users need to be much more aware of the pitfalls. Make sure your password is obscure, and don't keep much money in the bank account linked to your PayPal account.

Dan Knight has been using Macs since 1986, sold Macs for several years, supported them for many more years, and has been publishing Low End Mac since April 1997. If you find Dan's articles helpful, please consider making a donation to his tip jar.

Recent Mac Musings

• The October 2008 MacBook Value Equation, 10.15. Apple changed the entire MacBook lineup on Tuesday. How do close-out prices compare to the new ones?
• What Would an $800 MacBook Mean for the Mac mini?, 10.09. If Apple does release an $800 entry-level MacBook next week, the $600 Mac mini is going to look very overpriced.
• Low End Mac Needs Help Moving to Joomla, 10.08. We've settled on Joomla as the content management system that should work very well for Low End Mac, but we're running stuck with templates.
• Mac nano? Brick? How Small Could Apple Make a Mac?, 09.23. The iPhone and iPod touch show how small Apple can make a computer. What if Apple wanted to build a very, very small Macintosh?
• More in the Mac Musings index.

Links for the Day

• Mac of the Day: Macintosh LC, Oct. 1990 - only 3" tall, the LC was the least expensive color Mac in 1990.
• List of the Day: The iPhone List Low End Mac's forum for discussing and supporting Apple's iPhone.
  
• October 15 in LEM history: 90: Mac IIsi, LC, and Classic - 97: Yale threatens to drop Mac support - 99: Decelerate your Mac - Time magazine on Jobs and Apple - 01: Is Microsoft the enemy? - 02: Confessions of a Mac to PC convert - The IT job market - 03: Microsoft's holding pattern - 04: October 1990: The first low-end Macs - Dual core 'Books - 07: When to pick Tux - SteelSeries 4D the best mousepad ever? - Irrational rantings of an Intel hater

Recent Content on Low End Mac

• G3 and Low End G4 Mac Performance Comparison, Simon Royal, Mac Spectrum, 10.15. Factors that impact performance are the version of CPU, the size and speed of the Level 2 cache, and how much RAM is installed.
• The Good, the Bad, and the Ugly of Apple Design, Charles W. Moore, Miscellaneous Ramblings, 10.15. Apple has produced some beautiful computers and iPods over the years, but also a few of the ugliest and most ungainly computers ever seen.
• 3 Reasons to Use a Mac, and Pismo Troubleshooting, Charles W. Moore, Miscellaneous Ramblings, 10.15. Why one Windows user is also a Mac user, a Pismo that can't see its AirPort card, and sources of kernel panics.
• Best MacBook Deals, Low End Mac Deals, 10.15. Used 1.83 GHz, $649; 2.0 SD, $750; refurb 2.1 GHz, $849; 2.4, $1,049; black, $1,099; new 2.1, $869 after rebate; 2.4, $1,175 a/r; black, $1,194 a/r.
• Best 15" MacBook Pro Deals, Low End Mac Deals, 10.15. Used 2.0 GHz Core Duo, $1,000; 2.16, $1,100; refurb, 2.4, $1,349; new, $1,444 after rebate; refurb 2.5, $1,499; new, $1,644 a/r; refurb 2.6, $1,799; new, $2,594 a/r.
• Best MacBook Air Deals, Low End Mac Deals, 10.15. Used 1.6 80 HD, $1,200; refurb, $1,349; new, $1,549; 1.8 120, $1,999; 1.6 128 SSD, $2,299; used 1.8 64 SSD, $1,800; new, $2,100.
• MacBook (Unibody), 10.14. The MacBook gets the same aluminum treatment as the MacBook Pro - and dedicated GeForce 9400M graphics.
• 15" MacBook Pro (Unibody), 10.14. The new MacBook Pro's case is carved from a block of aluminum for increased strength.
• MacBook Air (GeForce), 10.14. More storage, a video port, and GeForce 9400M graphics improve the MacBook Air.
• MacBook White, 10.14. Entry-level white MacBook gets a SuperDrive, retail price reduced to US$999.
• Death of the iPod 'Way Off in the Future', Tim Nash, Taking Back the Market, 10.14. Someday Apple will decide that the iPod is no longer profitable and discontinue it, "but that day looks to be way off in the future."
• Best Intel iMac Deals, Low End Mac Deals, 10.14. Used 20" 1.83 GHz, $599; 2.0, $730; 2.16, $800; 24", $950; refurb 17" 1.83, $699; 20" 2.0, $949; 2.4, $999; 2.66, $1,299; 24" 2.4, $1,299; 2.8, $1,549; 3.06, $1,899; rebates on new.
• Best iBook G3 Deals, Low End Mac Deals, 10.14. Used 300 MHz clamshell, $150; 366, $199; 500 CD, $149; 800, $190; 600 DVD, $200; CD-RW, $240; 700 Combo, $250; 900, $369; 14" 600, $230; 900, $449.
• Best Classic iPod Deals, Low End Mac Deals, 10.14. Used 60 GB color, $150; used 30 video, $140; 80, $170; refurb 80 classic, $169; new 120 GB, $240; refurb 160 GB, $249; new, $280. New & refurb include shipping.
• Will Apple's Rumored $800 Notebook Be a Netbook?, Charles W. Moore, 'Book Value, 10.13. Netbooks are hot, and with the economy in turmoil, Apple needs to offer a netbook for the OS X crowd.
• Best Titanium PowerBook G4 Deals, Low End Mac Deals, 10.13. Used 667 MHz Combo, $480; 867 MHz, $530; 1 GHz, $590; SuperDrive, $900.
• Best Classic Mac OS Deals, Low End Mac Deals, 10.13. System 6, $10; 7.1, $12; 7.5.1, $4; Mac OS 7.6, $13; 8.0, $13; 8.1, $48; 8.5, $25; 8.6, $20; 9.0, $20; 9.2.2, $20; more.
• Best Xserve Deals, Low End Mac Deals, 10.13. Used G4/1 GHz, $999; G5/2 GHz, $1,499; new 2.0 4-core Xeon, $1,900; refurb 3.0 4-core, $2,299; 2.8 GHz, $2,599; 3.0 8-core, $3,499; 3.2, $3,699.
• More links in our archive.

Go to the Mac Musings index.

Channels
 Power Macs
 iMac Channel
 iBook/PowerBook
 MacInSchool
Computer Profiles
 iMac
 Power Mac
 PowerBook/iBook
 Performas
 Mac Clones
 Older Macs
 Lisa • NeXT
Editorial Archive
Mac Daniel's Advice
Email Lists
LEMchat (uses AIM)
Online Tech Journal
Consumer
 advice, reviews
 guides, deals
Software
Apple History
Best of the Web
 Best of the Mac Web surveys
Miscellaneous Links
 Best Used Mac Buys
 Used Mac Dealers
 Video Cards
 Mac OS X
 Mac Linux
 Macspeak
 RAM Upgrades
About Low End Mac
Site Contacts

Support LEM

Affiliates

The Apple Store
.mac
iTunes Store
Club Mac
MacMall
MacResQ
ExperCom
eBay
Amazon.com
PayPal
PCMall
PC Zone
Crucial Memory

Our advertising is handled by BackBeat Media. For detailed price quotes and advertising information, please contactat BackBeat Media (646-546-5194). This number is for advertising only.