I woke up from an afternoon nap after running my first 5K today, and I see two emails about transactions I made to nexon.net (some MMORPG site) while I was sleeping. USD$60 charged.

I filed unauthorized use claims and I emailed Nexon. From what I can tell, the big demographic is 12-14 year olds (I have two cousins, 14 and 11, that play games from here so this is what I figure).

I am one annoyed person. I told both PayPal and Nexon that I'd like to find who did it and press charges or something. I don't know if that's doable but I'd at least like to call whoever did it and threaten them or something.

Ugh.

</rant>

I woke up from an afternoon nap after running my first 5K today, and I see two emails about transactions I made to nexon.net (some MMORPG site) while I was sleeping. USD$60 charged.

I filed unauthorized use claims and I emailed Nexon. From what I can tell, the big demographic is 12-14 year olds (I have two cousins, 14 and 11, that play games from here so this is what I figure).

I am one annoyed person. I told both PayPal and Nexon that I'd like to find who did it and press charges or something. I don't know if that's doable but I'd at least like to call whoever did it and threaten them or something.

Ugh.

</rant>

If it didn't happen on your pc, you'll have to file a complaint with the court, as they are the only ones who will grant you the permission to see what person belongs to what IP address (at that time).

Before pressing charges however, I would talk to your cousins to make sure they didn't do it. And punish them (or get your brother/sister to do it) accordingly.

Before pressing charges however, I would talk to your cousins to make sure they didn't do it. And punish them (or get your brother/sister to do it) accordingly.

My cousins are in Calgary, AB and I am in Tucson, AZ. I never talk to them unless I am in Calgary, and this is twice a year.

I'd be annoyed, too, if my PayPal account got compromised. Don't forget to change your password a.s.a.p.

Good luck with the unauthorized use claims process and, if necessary through the court. Try not to get into trouble if you choose to "blast" the culprits once you're sure that you've correctly identified them.

I think generally paypal accounts getting hacked is taken fairly seriously, seeing that there's actual money involved (whereas if no money was taken they'd probably just ignore it and give a lecture about safe passwords).

You probably would need to file a case with the courts, but Paypal should be able to give you more info than we can, I'd be surprised if they didn't have detailed instructions for exactly this kind of event.

My cousins are in Calgary, AB and I am in Tucson, AZ. I never talk to them unless I am in Calgary, and this is twice a year.

While I don't know those cities, I presume there aren't close to each other.

Unless they had physical access to your pc, it's extremely unlikely they had anything to do with it.

Yeah, may be time to report it to the proper authorities.

Here is how you stop unauthorised PayPal transactions. Basically use a bank account that has no overdraft/credit facility and leave no money in it. Then only transfer funds to this account when you intend to make a purchase using paypal. If a scammer gets access to your paypal account, they will find they have no access to any funds and simply move on to the next one.

While I don't know those cities, I presume there aren't close to each other.

Unless they had physical access to your pc, it's extremely unlikely they had anything to do with it.

Yeah, may be time to report it to the proper authorities.

Yeah, AZ is in the southwestern US, and AB is in western Canada. Not exactly close to each other.

Anyway, thanks for all you support guys. Hopefully Nexon and PayPal help me out in this regard and I don't need to do anything more. We'll see.

My password was 14 characters and alphanumeric. How it got cracked is beyond me. Definitely changed now.

Yeah, AZ is in the southwestern US, and AB is in western Canada. Not exactly close to each other.

Anyway, thanks for all you support guys. Hopefully Nexon and PayPal help me out in this regard and I don't need to do anything more. We'll see.

My password was 14 characters and alphanumeric. How it got cracked is beyond me. Definitely changed now.

Have you used your paypal account on a Windows pc, ever?

Maybe some kind of keylogger/spyware got it?

Have you used your paypal account on a Windows pc, ever?

Maybe some kind of keylogger/spyware got it?

I don't remember the last time I used a Windows machine for surfing the 'net, let alone for financial stuff. I've been running Ubuntu since fall '08.

I feel like someone who got my data with a keylogger or spyware would be way more ambitious than $60 for a kid's MMORPG site. I really think it was just some punkass script kiddie or something.

I really think it was just some punkass script kiddie or something.

The problem is that unless you run the script yourself on Ubuntu, that isn't possible.

Here is how you stop unauthorised PayPal transactions. Basically use a bank account that has no overdraft/credit facility and leave no money in it. Then only transfer funds to this account when you intend to make a purchase using paypal. If a scammer gets access to your paypal account, they will find they have no access to any funds and simply move on to the next one.

This idea is compelling. I'll have to see if my bank will let me do this.

The problem is that unless you run the script yourself on Ubuntu, that isn't possible.

Brute-force attack? I am absolutely stumped. I feel like my former password was way too long for this, and again it was alphanumeric. *shrug*

This idea is compelling. I'll have to see if my bank will let me do this.

Of course you bank will let you do this, I'd actually recommend using a different bank to your regular one.

Brute-force attack? I am absolutely stumped. I feel like my former password was way too long for this, and again it was alphanumeric. *shrug*

If by some miracle you ever find out how it happened, make sure to tell us.

I'm interested.

--

Just thinking out loud here.

Do you use wireless or wired?

Could a man-in-the-middle attack get that password?

Apparently this is not an isolated incident:

http://www.complaintsboard.com/complaints/nexon-america-inc-c40152.html

Check out the 3rd comment.

EDIT: More complains. http://www.complaintsboard.com/complaints/nexon-america-inc-c134411.html

My password was 14 characters and alphanumeric. How it got cracked is beyond me. Definitely changed now.

If you use the same password anywhere else it could be that someone hacked another site you're a member of, which enabled them to get your email address and the password for that site, then they just checked to see if it works on paypal and/or your email account.
Either the smaller site may not use encryption (if they did a 14-digit alphanumeric would still be safe) or said person made a change to the login page to log each login uname/password and whether it works.

Or of course it could have been phishing or something.

Apparently this is not an isolated incident:

http://www.complaintsboard.com/complaints/nexon-america-inc-c40152.html

Check out the 3rd comment.

EDIT: More complains. http://www.complaintsboard.com/complaints/nexon-america-inc-c134411.html

Wow.

That would surprise me.

Paypal has a good reputation, stuff like that could seriously harm them.

The guy who maid the threat is right to.

I'm also fed up with stuff like that. Not the paypal stuff, never had a problem with that, but the sms stuff.

Had it happen a number of times, never got my money back.

Skype randomly took AUD$80 from my paypal account last month. I've never even used skype before.

They refunded it, but with all the fees I was down about AUD$15... maybe I'll email them this week about that....