How I Nearly Lost Money Through Paypal/Facebook

I was at work the day before Yom Kippur. At a time when I had maybe 30 seconds to breathe I checked my personal email and saw that someone had attempted to change my password on Facebook. Luckily an email came to me which I then reported as false.

Yom Kippur came and went. Right afterwards I logged in and saw that Paypal had reported that my little-used account was used to make payments to Facebook, Inc. in the amounts of $250 and $27.26. I saw this and immediately reported the transactions, then changed my Paypal password.

I woke up the next day and saw that I was charged for yet a 3rd transaction to Facebook, Inc. in the amount of $300! For good measure, to see that it wasn’t a prank, I went to the website where my credit card was being charged and saw that indeed money was charged on my credit card!

I again changed my password, disputed the transaction and called up Paypal. The friendly rep. on the other end explained to me that, very simply, someone was able to somehow hack into my Facebook account. From there that person set up a “billing agreement” between my Paypal account and someone’s Facebook account. I was then advised to change my Facebook password (which I did, for the first time in over a year, sadly) while Paypal reviews and refunds my money in 5-10 calendar days. I asked about cancelling my credit card, and it was explained that there was no need; it was simply a matter of changing my Facebook password.

Anyways, in 1-2 days I received an email from Paypal that they have decided to refund my money and that it should appear on my credit card within 5 business days. Happy happy joy joy.

So, what could have prompted someone to do this? Well, Facebook charges for various services, such as Ads and for 3rd-party games on Zynga. Someone could have used my account to either get more page “likes” using Facebook ads on my account (starting on Yom Kippur no less, of all days) or to get to a “higher level” on the Facebook games. Either way, there was a motive, and stealing was not fun.

What This Shows

What does this show? Well, this is not the first time that someone has hacked into Facebook/Paypal for these purposes. Clearly there is a big security hole with Facebook and Paypal, starting with someone “losing a password” on Facebook! To start, security needs to be tightened through both sites since there are a LOT of people utilizing both services.

What We Can Do

What can we do from here? To start:

1. Create Paypal and Facebook emails that are separate from your personal email. If you use the same email for everything it’s then safe to assume that someone sooner or later will exploit that, using that personal email account.

2. If and when this happens again, you first change passwords on all accounts, second call up the service and complain.

3. Hope and pray that these services beef up on their security.

Conclusion

Listen, sadly this is not the first time that I fell victim to identity theft. A few years ago someone created a fake Yahoo account called “rafael_hecht@yahoo.com” (not my real email address), signed up online for credit cards from Bank of America via LLBean (never shopped there before in my life) and the NFL store (I don’t even like Football), then was able to ring up charges in the vicinity of $8,500! Luckily I was able to get that resolved, but it’s amazing how relatively easy it is to steal from someone else online.

Hey, if people can hack into the CIA’s website and GoDaddy, anything can be hacked.