what a cool day, openned my paypal account and saw that I had a transaction to buy gold, I have never played online games or other but I wasn´t the 1st with this problem, I don't know what to do besides the complain I have made at Paypal already, will see what they will do, I had close to 100EUR taken from my account to a chinese dude called something like Mao Fen for collecting the following:

Item Title: Diablo III - EU Normal Mode 300000 K Gold

from what I have understood they do this to play that online game, how cool is that?

http://www.cnet.com.au/my-paypal-was-hacked-to-buy-dodgy-diablo-iii-gold-339341021.htm

You can dispute the transaction and open a claim in the paypal resolution centre on your account. If the transaction was fraud, spoof or hack then you will get your money back.

Quote from: Poncke on December 06, 2012, 18:18
You can dispute the transaction and open a claim in the paypal resolution centre on your account. If the transaction was fraud, spoof or hack then you will get your money back.

yep done that, sure they will return my dosh because I have nothing to do with it

Sorry to hear that Luis.

Could tell us if you have a unique password for your Paypal account or do you use a password that you use on other sites as well?

If you don't mind revealing this info but did you follow the "recommendations" on how to create a safe password (mixing lower case and upper case characters as well as using  numbers and other characters)? Did you use a password that can be found in the dictionary or is it a made up sequence of characters that don't make any sense?

I'd love to get this info.

Best wishes and I'm sure Paypal will fix the problem so you can get the money back.

my password has everything (numbers, characters, symbols, upper case) and it doesn't make much sense

I can also add that this guy haven't touched anything, it was just the transaction

Quote from: luissantos84 on December 06, 2012, 18:25
my password has everything (numbers, characters, symbols, upper case) and it doesn't make much sense

I can also add that this guy haven't touched anything, it was just the transaction

Was it unique to Paypal or do you use this password anywhere else? Could it have been intercepted from another site?

Do you use a PayPal security key?  I've been using one for a few years, hopefully it improves security.

I got my paypal hacked via Facebook- whomever got my info on FB (email address). I closed done my FB account and had to close out all my accounts since my paypal was a sub-account of my main checking/debit. A total mess...

Quote from: click_click on December 06, 2012, 18:30

Quote from: luissantos84 on December 06, 2012, 18:25
my password has everything (numbers, characters, symbols, upper case) and it doesn't make much sense

I can also add that this guy haven't touched anything, it was just the transaction

Was it unique to Paypal or do you use this password anywhere else? Could it have been intercepted from another site?

its unique!

Quote from: sharpshot on December 06, 2012, 18:30
Do you use a PayPal security key?  I've been using one for a few years, hopefully it improves security.

no and never heard of that, might take a look

Quote from: tab62 on December 06, 2012, 18:32
I got my paypal hacked via Facebook- whomever got my info on FB (email address). I closed done my FB account and had to close out all my accounts since my paypal was a sub-account of my main checking/debit. A total mess...

thats a lot of work

thank god SS only pays tomorrow

First I think, your account was hacked via a keylogger/backdoor/etc.
The other guess would be, you logged in to paypal account from elsewhere than your home/personal computer, where a malware was installed...?

In any cases, it's best to change passwords frequently...

Very sorry to hear that Luis! Check your system for any Trojan and I would change all my other passwords, just to make sure. Sadly, noways there are so many psswd crack bots on the net that things like that happen even if you take all measurement possible.

I have paypal for many years, maybe close to 10 perhaps, I had another account but created another thinking of microstock agencies, it works only for that and I don't give my paypal address to anybody (only agencies), also have antivirus updated, not a cracked version

thanks for all replies, will let you know how it goes!

p.s: only enter paypal at my place

Quote from: tab62 on December 06, 2012, 18:32
I got my paypal hacked via Facebook- whomever got my info on FB (email address). I closed done my FB account and had to close out all my accounts since my paypal was a sub-account of my main checking/debit. A total mess...

But even if someone knows your email address that they got from FB...they still need the password to get into your paypal account. I don't understand how your account got hacked via FB...can you explain how that happens? I don't think my email address is public for everyone on FB but I have never made a secret of my email address. I don't broadcast it, but I do use it.

We'll never know exactly how this was done because PayPal - obviously - doesn't want that known.  As a former software engineer I'm very curious of course.

Quote from: stockastic on December 07, 2012, 00:28
We'll never know exactly how this was done because PayPal - obviously - doesn't want that known.  As a former software engineer I'm very curious of course.

indeed!

1 - my password or other details haven't changed (pretty much I have logged in and saw a transaction I haven't made, then made the complain)
2 - have talked with the site that sells the gold to play games (online chat) and they haven´t provided me any detail once they don't know me, they say they sent the gold after the payment, they only ask for a name and paypal address to register
3 - I can only imagine that Paypal will track his IP and see that my Paypal account has been accessed on the same IP for the last month, so they will see a different IP unless he/she is hiding behind a proxy
4 - Paypal might think I have made that transaction and I end up screwed

It can be quite a bit more devious/complicated than one might guess.  For example: the fact that a transaction shows up in your account doesn't mean that your account was 'hacked' in the sense of someone gaining access to it.  All it means is that a transaction was injected into their database.  It might show up in a randomly chosen account basically as a side effect.  Their IT guys will take your report seriously, start auditing their database, and maybe find a number of similar transactions, each ending up tied to a different user account. 

In other words, there is the front door (a user name and password), but then there are the back doors.

Hello Luis Santos,

We've finished reviewing your unauthorized activity claim and you'll
receive a refund for the transaction amount. It may take up to 5 business
days for the funds to appear in your account.

they haven't told me any details, looks like PP works well

So they came through for you,  super.

Quote from: etienjones on December 07, 2012, 17:16
So they came through for you,  super.

and just got the money!

So glad you got it sorted Luis!

Quote from: suemack on December 07, 2012, 19:16
So glad you got it sorted Luis!

thanks!

Quote from: luissantos84 on December 07, 2012, 17:00
Hello Luis Santos,

We've finished reviewing your unauthorized activity claim and you'll
receive a refund for the transaction amount. It may take up to 5 business
days for the funds to appear in your account.

they haven't told me any details, looks like PP works well

Very good news!  Happy you are not out the cash