Thursday, September 3, 2009

Hacked!

I got hacked today! That stupid bugger accessed my email at the same time I did and tried to shift my items around, right in front of my eyes! I have known since a long time ago that no information is safe in a web portal. However, the reputable companies do try to have as stringent security measures as possible. Hence I never had a problem doing online purchasing.

So today when I received a notification from PayPal saying my transaction was approved, I got a big shock! SOMEONE had used MY account and signed up somewhere, costing 16.99 Euros! I got the entire transaction and email slip!

03 Sep. 2009 11:23 SGT

Transaction ID: 5G152852K5919015S

Hello [my name],

You sent a payment of €16.99 EUR to RapidShare AG (webmaster@rapidshare.com)

It may take a few moments for this transaction to appear in your account.


Merchant
RapidShare AG
webmaster@rapidshare.com

Instructions to merchant
You haven't entered any instructions.

Description: RapidShare.com - PREMIUM (90 days), Item Number 16
Unit price: 16.99 EUR
Qty: 1
Amount: €16.99 EUR

Subtotal: €16.99 EUR

Total
€16.99 EUR

Payment
€16.99 EUR
Charge will appear on your credit card statement as 'PAYPAL *RAPIDSHARE'

Payment sent to webmaster@rapidshare.com

From amount: $35.90 SGD
To amount: €16.99 EUR
Exchange rate: 1 SGD = 0.473259 EUR


Issues with this transaction?
You have 45 days from the date of the transaction to open a dispute in the Resolution Centre.

Questions? Go to the Help Centre at: www.paypal.com/ch/help.

Get verified – Pay from your bank account and you're 100% protected against unauthorised payments sent from your PayPal account. Log in and click the Unverified link below your name.

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click Help in the top right corner of any PayPal page.

To receive email notifications in plain text instead of HTML, log in to your PayPal account, go to your Profile, and click Notifications.

Then another email followed, this time from Rapid Share, the company which I supposedly paid:

RapidShare AG
to [my email address]
date : Thu, Sep 3, 2009 at 11:23 AM
subject : RapidShare - Your access data
mailed-by : rapidshare.com

Dear customer,

Thank you for your purchase. Your Premium account has been activated and you can now download data easily and without waiting. Please ensure that your browser accepts cookies.

==============================
Login: 10584284
Password: SsMMvVUZ
==============================

In the Premium Zone you can adjust settings to download in an even more convenient way.

How does the download function work for a Premium member?

For example, when you click on a link in a forum, a guestbook or in an e-mail message, you will get to the RapidShare page and a selection screen will appear. At the bottom of the list click on the "Premium" button. You may need to scroll down a bit. If you have already used your Premium Account, RapidShare recognizes a cookie and you can save the file immediately. If you are logging in for the first time, you get an error message. Under the message you can enter your access data, and then save the desired file. Your cookie will be automatically recognized when you visit RapidShare again.

As described in our FAQ, RapidShare offers no search function. Only the owner of the file has the download link and decides to whom to pass it. However, references appear on websites or in forums, which can often be found using a search engine.

Best regards,

Your RapidShare Support Team

RapidShare AG
Gewerbestrasse 6
6330 Cham
Switzerland

Web: http://www.rapidshare.com

This message is confidential and intended for the recipient only. It is not allowed to copy this message, or to make it accessible for third parties. If you are not the intended recipient, please notify the sender by email.

Immediately after that, PayPal sent another email:

from : service@paypal.com.sg
to : [my email address]
date : Thu, Sep 3, 2009 at 11:23 AM
subject : Notification of Limited Account Access RXI052
signed-by : paypal.com.sg

Dear [my name],

As part of our security measures, we regularly screen activity in the PayPal system. During a recent screening, we noticed an issue regarding your account.

We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

Reference Number: PP-778-594-569

For your protection, we have limited access to your account until additional security measures can be completed. We apologise for any inconvenience this may cause.

To review your account and some or all of the information that PayPal used to make its decision to limit your account access, please visit the Resolution Centre. If, after reviewing your account information, you seek further clarification regarding your account access, please contact PayPal by visiting the Help Centre and clicking "Contact Us".

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologise for any inconvenience.

Yours sincerely,

PayPal Account Review Department

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, log in to your PayPal account and click the Help link in the top right corner of any PayPal page.

----------------------------------------------------------------
Copyright ©1999-2009 PayPal. All rights reserved.

Consumer advisory- PayPal Pte. Ltd., the holder of PayPal’s stored value facility, does not require the approval of the Monetary Authority of Singapore.

Users are advised to read the terms and conditions carefully.


PayPal Email ID

Nevertheless, I called the bank immediately. The officer told me that S$35.90 was charged (equivalent amount to 16.99 Euro), so I told her it was a fraudulent transaction and to have it cancelled. Hence she blocked my card immediately and told me that a new card would be on its way over.

Then when I was accessing my email account, RIGHT IN FRONT OF ME, someone replied to Rapid Share, stating “Why my account is blocked???”. Then that person deleted all references to PayPal and Rapid Share! I tried to resurrect them from the Trash, but he played with my items and even removed them for me! Hence, some items from my Inbox were removed too! Even my email chat could not work for that interim!

Luckily I copied and pasted the emails as evidence. At the bottom of my email account, the message there stated “Your account is being accessed at 1 other location”, with the IP address stated. So I checked my records and that particular person accessed my account for three minutes, created havoc in my Inbox, and refused to let me sign out! When I could finally sign out, I changed my password immediately.

My friend told me to stop using that email account and change to another one altogether, but if I am to change email address again, it is going to create trouble for others since they have to replace my email address all over again!

So I did a track and it turned out that the person who accessed my account was using a server from Jakarta. This is what the report looks like:

IP Address: 114.125.22.82
Source: whois.apnic.net
Prefix: 114/8
Designation: APNIC
Status: ALLOCATED

% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 114.120.0.0 - 114.127.255.255
netname: TELKOMSEL-ID
descr: PT. Telekomunikasi Selular (Telkomsel) Indonesia
descr: Cellular Network Provider
descr: Jakarta Pusat
country: ID
admin-c: HT318-AP
tech-c: HT318-AP
remarks: Send Spam & Abuse Reports to:
remarks: [Email Removed]
status: ALLOCATED PORTABLE
mnt-by: MNT-APJII-ID
mnt-lower: MAINT-ID-TELKOMSEL
mnt-routes: MAINT-ID-TELKOMSEL
changed: [Email Removed] 20080522
changed: [Email Removed] 20090109
source: APNIC

person: Hostmaster Telkomsel
nic-hdl: HT318-AP
e-mail: [Email Removed]
address: PT. Telkomsel
address: Wisma Mulia, lt.8
address: Jl. Gatot Subroto 42
address: Jakarta
phone: +62-21-5240811
fax-no: +62-21-5272977
country: ID
changed: [Email Removed] 20090109
mnt-by: MAINT-ID-TELKOMSEL
source: APNIC

I cannot believe this can actually happen to me! Now, short of stopping using the internet and email altogether, what else can I do to prevent being hacked? How did those people even manage to get my personal information in the first place?? The most ironic thing is that I got hacked ON MY OFFICE LAPTOP, when it was supposed to be more secure than my home, yet I never once got hacked when I was using my own laptop at home! @%^#*(&(@(Y!!!

3 comments:

Ole' Wolvie said...

This is very worrisome. It looks to me more like your account was "skimmed" rather than "hacked" though.

Did you ever use any wireless internet service to log into your e-mail? If you did, that might be the cause. Or, if you have been logging in from your office network, there might have been some cache that stored your password somewhere.

Do keep all these records and if you have the time and inclination, make a police report. It involves money, so it is quite serious.

juphelia said...

I use wireless internet from my home and overseas, but I never store my password whenever I log on from my office laptop, and always clear the cache at the end of the day.

Not much harm done now since I blocked the payment, but I did have a record of all that happened so I can lodge a report anytime I want to.

Ole' Wolvie said...

Passwords have to be transmitted to the sites. So, even if you have cleared them at your side, they still leave traces (especially on a company network).

Public wireless access is not secure. There are ways to "peek" into the data stream, or route your communication through a compromised router (which hosts a keylogger).

Better report soon. In case the person tries again.
