Change your PayPal Password - Access Attempts |
|
Rakkasa Lewellen
Registered User
Join date: 21 Jun 2006
Posts: 43
|
09-11-2006 10:12
Whatever information was obtained was used to attempt to access my paypal account on September 6th and September 9th.
This is the IP of the first attempt; the second, on September 9th, is identical.
84.47.180.168 Sep. 6, 2006 14:52:33 PDT Russia |
Michi Lumin
Sharp and Pointy
Join date: 14 Oct 2003
Posts: 1,793
|
09-11-2006 10:16
> Whatever information was obtained was used to attempt to access my paypal account on September 6th and September 9th. This is the IP of the first attempt; the second, on September 9th, is identical. 84.47.180.168 Sep. 6, 2006 14:52:33 PDT Russia

Hm. Where on paypal is that logged?
_____________________
|
Chronic Skronski
SL Live Musician
Join date: 23 Jun 2006
Posts: 997
|
09-11-2006 10:24
> Hm. Where on paypal is that logged?

Good question! I can't find IP logs anywhere in my PayPal interface.
_____________________
A man without religion is like a fish without a bicycle.
|
Vares Solvang
It's all Relative
Join date: 26 Jan 2005
Posts: 2,235
|
09-11-2006 10:26
Why would I need to change my password? It's just as safe as any other password I might choose.
_____________________
|
Csven Concord
*
Join date: 19 Mar 2005
Posts: 1,015
|
09-11-2006 10:30
I'd like to see a screenshot of what PayPal shows when it tells users of attempted intrusion. This isn't the first mention of an attempt to access a PayPal account.
Of course, I/we expect that sensitive personal info will be hidden. Thanks. |
Mugzy Shilton
Registered User
Join date: 28 Aug 2006
Posts: 3
|
09-11-2006 10:35
It could also be an email he got from a scammer out doing a bit of phishing.
If you ever get an email that says anything about bank/credit card accounts and has a link, do not click on the link. Go directly to the organization's site and if you don't see anything there about the email that was sent, give them a call. |
Rakkasa Lewellen
Registered User
Join date: 21 Jun 2006
Posts: 43
|
09-11-2006 10:38
I received an email from them informing me of the possible intrusion attempts.
They forced me to go through a security verification and, during that process, showed me the suspect access actions. I copied one of them as a demonstration for other SL people that might not have checked their paypal email. Unfortunately, I can't access the information outside their security validation procedure.
Anyway, if you haven't checked your paypal email since the 6th, I strongly recommend that you do.
In terms of the password - it was the recommended action, so I'm passing that on, whether it makes sense in your particular situation is up to you. Apparently, there was sufficient unencrypted information and they have sufficient computer resources to act upon the information they obtained from the database in a short amount of time.
Mugzy, I've gotten paypal phished before - I always go directly to the site - great advice though. |
Solstice Asturias
Registered User
Join date: 16 Oct 2005
Posts: 7
|
09-11-2006 10:39
Russia??
Search results for: 84.47.180.168
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 84.0.0.0 - 84.255.255.255
CIDR: 84.0.0.0/8
NetName: 84-RIPE
NetHandle: NET-84-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS3.NIC.FR
|
Chronic Skronski
SL Live Musician
Join date: 23 Jun 2006
Posts: 997
|
09-11-2006 10:40
> I received an email from them informing me of the possible intrusion attempts. They forced me to go through a security verification and, during that process, showed me the suspect access actions.

hooooo boy... You did not happen to click on a LINK in that email, did you? I do hope you opened your browser and typed in Paypal's URL directly.
_____________________
A man without religion is like a fish without a bicycle.
|
Chronic Skronski
SL Live Musician
Join date: 23 Jun 2006
Posts: 997
|
09-11-2006 10:41
> Russia??
> Search results for: 84.47.180.168
> OrgName: RIPE Network Coordination Centre
> OrgID: RIPE
> Address: P.O. Box 10096
> City: Amsterdam
> StateProv:
> PostalCode: 1001EB
> Country: NL
> ReferralServer: whois://whois.ripe.net:43
> NetRange: 84.0.0.0 - 84.255.255.255
> CIDR: 84.0.0.0/8
> NetName: 84-RIPE
> NetHandle: NET-84-0-0-0-1
> Parent:
> NetType: Allocated to RIPE NCC
> NameServer: NS-PRI.RIPE.NET
> NameServer: SEC1.APNIC.NET
> NameServer: SEC3.APNIC.NET
> NameServer: SUNIC.SUNET.SE
> NameServer: TINNIE.ARIN.NET
> NameServer: NS3.NIC.FR

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '84.47.180.0 - 84.47.180.255'
inetnum: 84.47.180.0 - 84.47.180.255
netname: VPN-3
descr: Formatek, Moscow,Sokol
country: RU
admin-c: VA902-RIPE
tech-c: VA902-RIPE
status: ASSIGNED PA "status:" definitions
mnt-by: NAUKANET-MNT
source: RIPE # Filtered
person: Vladimir Aksenov
address: OOO "Formatek"
address: 2-nd Peschanaya str, 2/1
e-mail: admin@formatek.ru
phone: +7 495 1577677
fax-no: +7 495 1577677
nic-hdl: VA902-RIPE
source: RIPE # Filtered
_____________________
A man without religion is like a fish without a bicycle.
|
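The two lookups posted above disagree because the first reply is only the registry-level record for the 84.0.0.0/8 block allocated to RIPE, while the second is the assignment that actually contains the address. As an added example (not part of the thread), this Python sketch parses both replies, trimmed from the output quoted above with the contact objects omitted, and takes the country from the most specific range containing the address; the function names are hypothetical.

```python
import ipaddress
import re

# Trimmed from the two whois replies quoted in the thread (contact objects omitted).
ARIN_REPLY = """\
OrgName: RIPE Network Coordination Centre
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 84.0.0.0 - 84.255.255.255
NetType: Allocated to RIPE NCC
"""
RIPE_REPLY = """\
% Information related to '84.47.180.0 - 84.47.180.255'
inetnum: 84.47.180.0 - 84.47.180.255
netname: VPN-3
country: RU
status: ASSIGNED PA
"""

RANGE_KEYS = {"netrange", "inetnum"}  # ARIN and RIPE field names for the range

def parse_reply(text):
    """Return the range, country and referral server found in one whois reply."""
    rec = {"range": None, "country": None, "referral": None}
    for line in text.splitlines():
        if line.startswith(("%", "#")) or ":" not in line:
            continue  # server comments and blank lines carry no fields
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key in RANGE_KEYS:
            first, last = (ipaddress.ip_address(a.strip()) for a in value.split("-"))
            rec["range"] = (first, last)
        elif key == "country" and rec["country"] is None:
            rec["country"] = value.upper()
        elif key == "referralserver":
            rec["referral"] = re.sub(r"^r?whois://", "", value)
    return rec

def locate(ip, replies):
    """Pick the record with the smallest range that actually contains ip."""
    ip = ipaddress.ip_address(ip)
    best = None
    for rec in map(parse_reply, replies):
        if rec["range"] is None or not rec["range"][0] <= ip <= rec["range"][1]:
            continue
        size = int(rec["range"][1]) - int(rec["range"][0])
        if best is None or size < best[0]:
            best = (size, rec)
    return best[1] if best else None
```

A record that still carries a referral server describes the registry that holds the block, so its country field is the registry's address rather than the location of the network the address is assigned to.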
Mugzy Shilton
Registered User
Join date: 28 Aug 2006
Posts: 3
|
09-11-2006 10:41
> I received an email from them informing me of the possible intrusion attempts. They forced me to go through a security verification and, during that process, showed me the suspect access actions.

If you got this via email, you better go change your password again. It's common practice for scammers to send out emails directing someone to a site that looks like the paypal site, but really just logs your user information so they can gain access to your account. |
Rakkasa Lewellen
Registered User
Join date: 21 Jun 2006
Posts: 43
|
09-11-2006 10:41
> hooooo boy... You did not happen to click on a LINK in that email, did you? I do hope you opened your browser and typed in Paypal's URL directly.

No, I'm too old and abused by life to fall for that one |
Chronic Skronski
SL Live Musician
Join date: 23 Jun 2006
Posts: 997
|
09-11-2006 10:44
> No, I'm too old and abused by life to fall for that one

I deleted my post too late - I saw your last sentence.
_____________________
A man without religion is like a fish without a bicycle.
|
Fred Extraordinaire
Weapons Specialist
Join date: 29 Jun 2004
Posts: 134
|
09-11-2006 10:46
I am seeing charges on my cc, it would be nice to know when exactly the database was considered 'compromised'
_____________________
-----
<3 LL |
Mugzy Shilton
Registered User
Join date: 28 Aug 2006
Posts: 3
|
09-11-2006 10:47
Anyway, SL does not have anyone's paypal password.
Remember, when you setup paypal as your payment method, it sends you to paypal.com to authorize SL to bill you. |
Rakkasa Lewellen
Registered User
Join date: 21 Jun 2006
Posts: 43
|
09-11-2006 10:48
> sounds like you got totally phished which makes sense in a way as i'm sure post-september 6th attempts have doubled.

reading comprehension FTW |
Chronic Skronski
SL Live Musician
Join date: 23 Jun 2006
Posts: 997
|
09-11-2006 10:50
> Anyway, SL does not have anyone's paypal password.

However, if you used the SAME password on SL as you do Paypal, it just might be a good idea to change it.
_____________________
A man without religion is like a fish without a bicycle.
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
09-11-2006 10:50
> sounds like you got totally phished which makes sense in a way as i'm sure post-september 6th attempts have doubled.

They were not phished. These alerts are appearing when you sign into your Paypal account - it has happened to SL members this weekend, this is not the first report of it. The warning is legit - it is coming from Paypal within their own site.
_____________________
Cristiano
ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more. |
Rakkasa Lewellen
Registered User
Join date: 21 Jun 2006
Posts: 43
|
09-11-2006 10:53
Here's what the email looks like - I go directly to the site as a matter of habit, legit though
We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address. If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you. However, if you did not initiate the log ins, please visit PayPal as soon as possible to change your password: Changing your password is a security measure that will ensure that you are the only person with access to the account. Thanks for your patience as we work together to protect your account. Sincerely, PayPal |
Mugzy Shilton
Registered User
Join date: 28 Aug 2006
Posts: 3
|
09-11-2006 11:00
Yep. this is phishing.
http://tinyurl.com/4pn9h The link goes to a post telling all about this scam, the post is on antiphishing.org. |
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
09-11-2006 11:03
> Yep. this is phishing. http://www.antiphishing.org/phishing_archive/11-09-04_Paypal(Your_Account_Will_Be_Suspended)/11-09-04_Paypal(Your_Account_Will_Be_Suspended).html

No, it is not phishing. Two of the people affected by this got the messages after DIRECTLY signing into Paypal. April Chung and Torrid Midnight both had the exact same warnings in the Paypal account. Not from an email. April Chung received the warning when confirming a payment by signing into Paypal, and Torrid received it when checking her account after signing in directly at Paypal.com. The phishing email in question is effective because it does make use of an actual warning message that Paypal uses, which is how phishing attempts are successful. There is definitely a problem going on related to the SL security breach and Paypal accounts. The only way to tell is to actually go to Paypal.com and sign in directly - the warning message will appear upon signin.
_____________________
Cristiano
ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more. |
Chronic Skronski
SL Live Musician
Join date: 23 Jun 2006
Posts: 997
|
09-11-2006 11:05
Good find, Mugzy. Rakka... please humour us and change your PayPal password again.
Edit: Cris, good point. However, people will still be getting those emails sometimes and clicking the link within. Now is as good a time as any to educate people: IF this notice comes as an email, delete it! Only log into Paypal by using a bookmark you made, or by typing the URL.
_____________________
A man without religion is like a fish without a bicycle.
|
Fred Extraordinaire
Weapons Specialist
Join date: 29 Jun 2004
Posts: 134
|
09-11-2006 11:09
I don't have issues with my paypal, nor a warning to change anything, but I do have charges dating from 8/28 from someone using the in-game system to buy lindibux... anyone have or heard similar reports?
_____________________
-----
<3 LL |
Solstice Asturias
Registered User
Join date: 16 Oct 2005
Posts: 7
|
09-11-2006 11:14
Wow thanks for that Phishing link! This is one of the best Phishing schemes I have seen!
My question is though....how did they already know part of my account info, like it named my bank in the drop down menu when asking for my complete info??? |
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
09-11-2006 11:16
> Good find, Mugzy. Rakka... please humour us and change your PayPal password again. Edit: Cris, good point. However, people will still be getting those emails sometimes and clicking the link within. Now is as good a time as any to educate people: IF this notice comes as an email, delete it! Only log into Paypal by using a bookmark you made, or by typing the URL.

Yeah, I get about 5 Paypal phishing things a day. If this had only been an email thing, I wouldn't have thought twice about it. However, reports keep coming in of people having their Paypal accounts accessed from Russia this weekend, and it is quite concerning. At a minimum, it can't hurt to change your password anyway just to be on the safe side - it is a good practice to regularly change your password anyway.
_____________________
Cristiano
ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more. |