I would like to warn anyone who has used E-bay/PayPal recently that the PayPal files may have been hacked.

I have been buying a few darkroom items off of E-Bay and paying for them using PayPal.

Someone tried to use my credit card information stored there to send a $1,000 Western Union telegram, which my credit card company blocked immediately, and then placed a hold on my card. (Now, that's what I call service.) Subsequently, I canceled my credit card, and ordered a new one.

So, it might be a good idea if you have a PayPal account to remove your credit card/bank account information until this issue has been resolved.

From now on, if I use PayPal, I will enter my credit card information for the transaction only, and then remove it promptly after the transaction has been completed.

Good Luck!

Gregory,

I had a similar attempt on my card today (also blocked by my credit card company). As I had just returned from the Large Format Conference in Rockford, where I used the card, my first instinct is that my credit card info was swiped this weekend. See this thread (http://www.largeformatphotography.info/forum/showthread.php?t=18028) for more info.

I have not used this card to make an eBay/PayPal transaction recently, but it is a card they have on file linked to my account. So, if their database was hacked it could be a source of this fraudulent attempt (also an attempted Western Union money transfer).

Have you received any notofication from eBay/PayPal about any possible theft of credit card information? Have you used the card elsewhere recently?

Thanks,
Kerry

While I'm no Sherlock Holmes, it was a no brainer to trace the fraudulent activity to PayPal because I use only one credit card for all Internet transactions, and the only transactions I have made in the last 30 days has been with E-bay/PayPal. So it's obvious to me where my card information had been compromised.

As for PayPal, they have not notified me at all. I, however, notified them of the problem. I also removed all my credit card information from their site, and I will never leave it there in the future for more than five minutes, just enough time to complete a transaction.

Intuitively, I knew better than to give PayPal my bank account information so I could be certified. Bank accounts don't have the same level of protection as credit cards, and my credit card company, Capital One, is one "junkyard dog" when it comes to specious activity. They monitor each of my transactions closely, so they know what types of items I buy and where. Now for some folks this would be a very big privacy issue, but for me it's not.

Please let me know what you find out. It might be a good idea to contact your credit card company immediately to have your card canceled, like I did.

Kerry,

I also deleted my credit card information on Amazon, for what it's worth.

I'm no Sherlock Holmes either, in fact I'm not even Maxwell Smart when it comes to knowing anything about hacking, but both you and Kerry seem to be assuming that since the attempted access happened recently it must have been related to a very recent transaction. I'm not so sure that's right. It would seem to me that while the access might have just happened, the transaction that gave rise to it might have happened at almost any time in the past. No?

Thanks, I just deleted my credit card information on paypal...however it then struck me that if the Paypal file has already been hacked...they already have the information...so the only safe thing would be to actually block the credit card, or?

Also no reason to believe the info had to be stolen via the internet. Wouldn't be the first shop to do something like this.

To add to Brian's thought, it is certainly tempting to assume that since both attempts at credit card abuse occured within the past several days and involved Western Union cash transfers, so therefore the events are related and were perpetrated by the same criminals. But in fact there really is no concrete evidence that supports this assumption.

Coincidence does not make correlation.

My credit card company provides web access to their transactions records. I have a practice of checking those records every day, and if something pops up on the list that I don't recognize, I make a point of immediately finding out what it is.

Just this morning I received an e-mail message from PayPal questioning a transaction that supposedly took place on my account yesterday. But the fact that the message was not sent to the e-mail address used to set up my PayPal account tells me that it was a bogus message that was part of a phishing scheme.

What these events tell me is that we have to be very diligent about checking our credit card, bank, PayPal and other financial transaction records on a regular basis for any signs of activity that we don't recall initiating, and if we see something that we don't recognize, take action immediately to file a challenge.

I also experienced CC fraud in the past few days and had a PayPal transaction. However, the perps ordered pre-paid phone cards. I also had a second card and a bank account number on file with PayPal which have not been used. I removed them from PayPal as a precaution, but this would suggest the database itself is not compromised. If eBay/PayPal is the source, it would appear that something is monitoring transactions that include card numbers.

Also, many of us have regular eBay/Paypal transactions, so any fraud from any source is likely to have a correlated eBay/PayPal transaction in the same or recent billing period. A correlation is not a cause and effect, although Gregory's situation is getting stronger.

Steve

It would be difficult to ascertain with certainty where and by whom the fraud was committed. However, E-bay and PayPal are my only transactions in quite some time using the credit card in question.

I now have a new credit card, and I will cancel my other card as well. I will then have it reissued.

It's possible that my credit card information was stolen sometime in the distant past, but my feelings tell me it was PayPal. It's interesting to note that on the same day and nearly the same time that a Western Union transaction was illegally conducted with Kerry's card and mine. What we both have in common is our PayPal accounts.

Going forward, I will make sure to use only one credit card for ALL transactions no matter where they might take place and to stop using my debt card because it's tied directly to my checking account. I can't afford to have my checking account hacked. Also I will not leave any credit card information on file anywhere, making my credit card information vulnerable to theft.

This time around I was lucky thanks to my credit card company; next time I might not be so fortunate.

Please, those of you who have been subject to CC frauds lately...would you please explain what you think they did to buy things...like did they log in to your account through paypal, or did they register an online Western Union (bidpay) account/transaction or do you think they produced a fake Credit card and went to a merchant or?

Registering/re-registering the CC-info on paypal is actually what I always regarded being the most vulnerable part of paypal, since this is when all your CC-info will travel the internet around the world, and one does not know if there is a "virus/ trojan horse"
in the PC taking records of the typing on the keyboard.
Even though this is said to be under the control of https I still do not fully trust this thing. I always double and triple check that the web page is what it says it is...and then keep my fingers crossed.

Some dealers want you to 'checkout' through their webpage and when transferred to Paypal the webpage does not always look like a 'normal' paypal page - scary...
It simply is becoming very hard to understand who you are actually dealing with.

My credit card number was also hijacked. The bank called me Saturday about suspicious activity and it turned out that $700.00 in various charges had gone through. I have fraud protection so no loss, but what a pain! I had the card cancelled-new ones with new numbers on the way. I didn't connect the problem with PayPal, but I did use them Thursday for a transaction so it is possible that is where the theft occured.

It's interesting to note that on the same day and nearly the same time that a Western Union transaction was illegally conducted with Kerry's card and mine. What we both have in common is our PayPal accounts.

Just a thought - none of you said which bank is your CC with... As well you shouldn't advertise, but perhaps you should compare notes in private and see if it's maybe the same bank (or banking group).

It wouldn't be impossible that someone got hold of your accounts through some not very obvious channel. It could also have happened less recently and it simply took some time while information was going around until it ended up with the "end user", so to speak.

I am not saying it is not PayPal, I'm just thinking - eBay/PayPal is big and popular enough that if something happened there it would surely make a big splash in a hurry.

I had three $300 charges on my VISA. When I called the bank to report fraud they told me there are people who just sit around and try cc numbers until they get one that works. They immediately cancelled my card, issued a new one, and issued credits for the charges.

I had three $300 charges on my VISA. When I called the bank to report fraud they told me there are people who just sit around and try cc numbers until they get one that works.....I had the same thing, and the merchant approved the sale with the WRONG expiration date??? And like Doug said, my bank suspects a random hit on cc number.

Patrik,

In regards to my PayPal activities, all of my transactions took place on the PayPal web site and nowhere else.

Incidentally, I informed PayPal of the problem yesterday, and I have not received any e-mail from them. If my problem has made a "big splash," then it would be about as spectacular as a dust particle hitting the Pacific ocean from a height of one meter.

If you are really worried about your credit cards, call your credit card company and talk to them to see what they suggest.

I think as a matter of course for me I will periodically cancel the credit card I use on the Internet to make it just a little more difficult for others to steal my credit card records. ;)