Wednesday 26 October 2011

Somebody got into our PayPal account. How?

We have been using PayPal for our home-based Internet business for 5 years. The other day we got 10 emails with Chinese-looking characters and the words "Electronic Arts" in English from PayPal indicating purchases. When we logged into PayPal there were 10 purchases from Electronic Arts for "BFPoints" totaling $200. There was $700 left in the account after they did this and they didn't change our password. We are in the process of contesting this with PayPal. We are dismayed enough to stop using PayPal. How does someone do this? Did they hack through PayPal or did they guess our password or what?

PayPal is a very secure service and it is very unlikely that they 'hacked through PayPal' or you would have definitely heard about it in the news (as many others would be affected also).



There are two probable explanations:



A) Your password was most likely cracked using brute force in combination with some kind of statistical algorithm which can guess the password faster by using a database of common passwords with combinations of real words, common numbers etc.



In order to create a secure password that cannot be cracked by others without access to the top supercomputers in the world... simply make sure it is longer than 8 characters, contains lowercase and uppercase letters, numbers and symbols and also make sure the letters do not have any relation to each other (i.e. don't use real words), and same for numbers (i.e. don't use years etc.).





B) You were the victim of a phishing scam which unknowingly got you to enter your account details on a site run by the so-called 'hackers'.



In this case, always make sure that when you access PayPal, you do so through paypal.com and look for the lock symbol and address bar colour change indicating that the connection is secure and encrypted and verified to be run by PayPal Inc.
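
Added example (not part of the original answer): the "is this really paypal.com?" check from explanation B, written out as code. It uses the same URL parsing rules a browser applies; the sample links and the `checkLink` helper are constructed for illustration.

```javascript
// Added example: decide whether a link really resolves to PayPal's domain.
// TRUSTED_DOMAIN, checkLink and the sample links are constructed for illustration.
const TRUSTED_DOMAIN = "paypal.com";

// Returns { ok, reason } for a link as a browser would resolve it.
function checkLink(link, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(link); // WHATWG parser, the same rules browsers apply
  } catch (e) {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // url.hostname is lowercased, excludes any "user@" prefix, and has
  // internationalized labels converted to punycode ("xn--...").
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "internationalized host (possible lookalike): " + host };
  }
  // Exact match or a true subdomain; "mypaypal.com" must not pass.
  if (host === trusted || host.endsWith("." + trusted)) {
    return { ok: true, reason: "host is " + host };
  }
  // An encrypted connection alone does not make the host PayPal.
  return { ok: false, reason: "host is " + host + ", not " + trusted };
}

// Constructed sample links covering the usual lookalike patterns.
const SAMPLES = [
  "https://www.paypal.com/signin",               // genuine
  "http://www.paypal.com/signin",                // right host, not encrypted
  "https://paypal.com@login.example/signin",     // "paypal.com" is only a username
  "https://www.paypal.com.login.example/signin", // trusted name used as a subdomain
  "https://mypaypal.com/",                       // different registered domain
  "https://p\u0430ypal.com/signin",              // Cyrillic "a" in place of Latin "a"
];

function checkAll(links = SAMPLES) {
  return links.map((link) => ({ link, ...checkLink(link) }));
}

for (const r of checkAll()) {
  console.log((r.ok ? "OK    " : "REJECT") + " " + r.link + "  (" + r.reason + ")");
}
```

Only the first sample passes; the others are rejected even though most of them would show an encrypted connection.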

You might have spyware on your computer



You might have logged into a phishing site (looking exactly like PayPal)



I would check your computer with a good up-to-date anti-virus!
Not guess your password. But BruteForce it. BruteForce will work on any web-based login. So if you have your bank account set up for viewing on the web, they can do the same thing there.



BruteForce is a program that will go through any combination of letters and numbers till it gets the right password. Might take a long time, but they let a computer work on it till they get in.



It does not take a "SUPERCOMPUTER" to run any of the password crackers.



lol