Low End Mac

Mac Musings

PayPal Insecurity

Dan Knight - 2002.08.08

I've used PayPal for years, and I'm convinced that they fill a very real need on the Internet. If anything, they need to do a better job of supporting users outside the US and making their services available to the worldwide audience on the World Wide Web.

They also need to beef up security.

As I discovered on Tuesday, someone using the email address lilbb@spils.com (a free email service) managed to hack my password and add his/her email address at about 3:40 p.m. Central Time on Sunday. This individual then removed my email addresses, blocking me from access to my business account.

Fortunately, I usually have less than $100 in my PayPal account. I try to keep enough there to cover some hosting and access fees that I pay with my PayPal debit card.

Unfortunately, that PayPal account is also linked to my business checking account. On the up side, this means I can send funds via PayPal even if I don't have enough in my PayPal account. PayPal will simply do an electronic funds transfer from my Fifth Third bank account, and then forward the funds to the recipient.

So all it takes for someone to clear out my business account is guessing my password, adding their email address, and then removing my access to the account before I have a chance to respond. And that's exactly what happened.

lilbb then proceeded to clean me out with a $418 and a $1,026 transaction. Another $1,844.70 was attempted, but those funds didn't clear due to insufficient funds.

We've sent out a warning to others, suggesting anyone who uses PayPal reconsider their current password. We thought ours was good, since it wasn't a dictionary word, but that wasn't enough. We recommend using upper case and lower case letters along with numbers and punctuation - all allowed by PayPal - to create a more secure password.

We've also sent email to spils.com about the hack, but we have no idea how helpful they may be. We're also enlisting the assistance of Web savvy users, asking them to check their site logs - if their logs track user IDs, they may be able to help us track down lilbb.

We sure hope so, and also that the money can be recovered. We've just lost the funds needed to pay our bills.

Where Next?

We're going to think long and hard about using PayPal in the future. The system simply isn't secure enough if all it takes is hacking a password to rob someone blind.

If we do decide to continue using PayPal, we will be smart about it and set up a completely separate checking account linked to our PayPal account. That way if someone should hack our account again, our potential loss could be greatly reduced by keeping that account balance very, very low.

We strongly urge the folks at PayPal to beef up security. It's very convenient to be able to add more email addresses to an account with a single password, but it also creates the potential for situations like this.

PayPal needs to provide more security, such as requiring use of a code emailed to an address already on the account before allowing use of any new email address. That simple step would have eliminated our problem.
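The check proposed above, sketched as an added example (not PayPal's code and not part of the original article): a new address stays pending until a code mailed only to an address already on the account is entered. The `Account` class, its method names, the 15-minute expiry and the rule that the last verified address cannot be removed are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 15 * 60  # assumed validity window for a confirmation code


class Account:
    """Hypothetical account model: new addresses stay pending until confirmed."""

    def __init__(self, verified_email):
        self.verified = {verified_email}
        self.pending = {}   # new address -> (sha256 of code, expiry time)
        self.outbox = []    # (recipient, code) pairs standing in for sent mail

    def request_add_email(self, new_email, now=None):
        """Called after password login. Mails a code to existing addresses only."""
        now = time.time() if now is None else now
        code = secrets.token_hex(8)
        digest = hashlib.sha256(code.encode()).hexdigest()
        self.pending[new_email] = (digest, now + CODE_TTL_SECONDS)
        for addr in sorted(self.verified):
            self.outbox.append((addr, code))  # never sent to new_email

    def confirm_add_email(self, new_email, code, now=None):
        """Activates new_email only if the code from an existing mailbox matches."""
        now = time.time() if now is None else now
        entry = self.pending.get(new_email)
        if entry is None:
            return False
        digest, expires = entry
        supplied = hashlib.sha256(code.encode()).hexdigest()
        if now > expires or not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[new_email]
        self.verified.add(new_email)
        return True

    def remove_email(self, email):
        """Refuses to remove the last verified address, so a pending one cannot replace it."""
        if email not in self.verified or len(self.verified) == 1:
            return False
        self.verified.remove(email)
        return True
```

With this flow, someone who knows only the password can request a new address but cannot activate it or remove the owner's address, because the code goes to a mailbox they do not control.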

PayPal should also flag suspicious behavior, such as a lightly used account suddenly being used for several transactions totaling over $3,300. Credit card companies do that kind of thing; PayPal should also.
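A minimal version of that kind of flagging, as an added example (not PayPal's or any card issuer's logic, and not part of the original article): each outgoing payment is compared against a limit derived from the account's own recent history, and the running 24-hour total decides whether it is held. The thresholds, the function name, the timestamps and the small earlier payments are assumptions; only the three large amounts come from the article.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)        # assumed look-back for the running total
BASELINE = timedelta(days=90)       # assumed history used to learn "normal"
MULTIPLIER = 5                      # assumed: limit is 5x the largest past payment
FLOOR_CENTS = 200_00                # assumed minimum limit for quiet accounts


def review_queue(history, attempts):
    """Return (when, cents, window_total_cents) for each attempt to hold.

    history:  cleared payments as (datetime, cents)
    attempts: new outgoing payments as (datetime, cents), oldest first
    """
    held, seen = [], list(history)
    for when, cents in attempts:
        past = [c for t, c in history if when - BASELINE <= t < when]
        limit = max(FLOOR_CENTS, MULTIPLIER * max(past, default=0))
        # Count every attempt in the window, held or not, so repeated tries
        # after a held payment keep raising the total.
        window_total = cents + sum(c for t, c in seen if when - WINDOW < t <= when)
        if window_total > limit:
            held.append((when, cents, window_total))
        seen.append((when, cents))
    return held


# Constructed data: the three large amounts are the ones quoted in the
# article; all timestamps and the earlier small payments are made up.
HISTORY = [
    (datetime(2002, 6, 3, 10, 0), 19_95),
    (datetime(2002, 7, 1, 10, 0), 35_00),
    (datetime(2002, 7, 29, 10, 0), 24_00),
]
ATTEMPTS = [
    (datetime(2002, 8, 1, 9, 0), 25_00),      # ordinary hosting-sized payment
    (datetime(2002, 8, 4, 15, 45), 418_00),
    (datetime(2002, 8, 4, 15, 50), 1026_00),
    (datetime(2002, 8, 4, 15, 55), 1844_70),
]

if __name__ == "__main__":
    for when, cents, total in review_queue(HISTORY, ATTEMPTS):
        print(f"HOLD {when:%Y-%m-%d %H:%M} ${cents / 100:,.2f} (24h total ${total / 100:,.2f})")
```

On this sample the ordinary $25 payment passes, while all three large payments are held, the first of them before any money would have left the account.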

That said, PayPal has been very helpful in locking the account. I've already filed affidavits electronically about this mess. The only disappointment is that PayPal's investigators have yet to call me back. It's been two days, I'm out $1,500 or so, and they need to do better on callbacks.

Do I recommend against using PayPal? No, or at least not yet. The service is very convenient. Users need to be much more aware of the pitfalls. Make sure your password is obscure, and don't keep much money in the bank account linked to your PayPal account.

Dan Knight has been using Macs since 1986, sold Macs for several years, supported them for many more years, and has been publishing Low End Mac since April 1997. If you find Dan's articles helpful, please consider making a donation to his tip jar.
