PayPal account compromised - Jailbroken iPhone?

Discussion in 'Jailbreaks and iOS Hacks' started by LMD75, Aug 20, 2011.

  1. LMD75, Aug 20, 2011
    Last edited: Aug 20, 2011

    LMD75 macrumors 6502

    Joined:
    Oct 5, 2010
    #1
    Some scumbag just gained access to my PayPal account and stole over 500 USD from my bank account and reset my password. Luckily I received an email alert on my iPhone which raised suspicion and I managed to get the money refunded a day later.

    Admittedly I used the same passwords for my Gmail and PayPal accounts but with different email addresses. Also while on holiday I did log on to my Gmail account on a relative's desktop which has all sorts of crap installed on it /was dog slow. Also foolishly I had a saved debit card on PayPal.

    My desktop and laptop are free from viruses /spyware and I never log on to unsecured /hotspot wifi networks.

    I can also spot a phishing email a mile off which now brings me onto the security of my jailbroken iPhone.

    How safe is a jailbroken iPhone? I am running 4.2.1 GreenPoison and the first thing I did was change the default SSH password. I have also disabled and do not use SSH. Are there any other vulnerabilities?

    I do have the PayPal app installed on my device but I also have a piece of software called 'mSecure' which I use to save all my web logon, bank and credit card details. This is an official iTunes app and is meant to have 256bit Blowfish encryption.

    I am very puzzled as to how someone gained access to my PayPal password. Anyway, I now have a different password for every single account I own and I ensure that my email account contains no information that can compromise any of my accounts. I have also removed my debit card information from PayPal and changed all the security questions. Also within the mSecure app I do not enter the passwords as plain text and instead I put something like "Jonny's cat + Dino's DOB" as a reminder for the password.

    When iOS 5 is released I am thinking about going stock. Is my issue likely due to logging onto a relative's PC with a keylogger /malicious software installed or some security hole on my iPhone?
     
  2. Intell macrumors P6

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #2
    I don't think this is related to the jailbroken iPhone. As long as you have changed the root/mobile passwords or don't use SSH and haven't left your iPhone where an unauthorized person could have gotten physical access to it for a few minutes, your iPhone isn't the cause of your misfortune.
     
  3. labman macrumors 604

    Joined:
    Jun 9, 2009
    Location:
    Mich near Detroit
    #3
    100+ I have had a PayPal acct since 2006, also been JB since about 2008. However I do change my passwords fairly regularly and use more secure passwords with letters and numbers. Most people use their wife/girlfriend/boyfriend or pets. A lot of passwords can be guessed.
     
  4. nebo1ss macrumors 68030

    Joined:
    Jun 2, 2010
    #4
    Are you also a member of Modmyi and do you happen to use the same password and email address there? I had my Gmail account hacked, fortunately the only damage was spam.

    However, I was able to track it back to Modmyi which is the only place that had my Gmail address and the same password as my Gmail account. The spam messages that were sent out on my account were also all relating to the iPhone.
     
  5. LMD75 thread starter macrumors 6502

    Joined:
    Oct 5, 2010
    #5
    I have had the Modmyi app installed on my iPhone but have never had an account with them.

    However I have created accounts on forums using the same email address and password as my email /Gmail account. Lesson learned.

    One other point to mention is that I subscribe via Paypal to a UK VPN provider.
     
  6. labman macrumors 604

    Joined:
    Jun 9, 2009
    Location:
    Mich near Detroit
    #6
    FYI never use the same passwords for any of your money accounts. I have 2 different banks, PayPal, eBay etc. plus a couple of others; each has their own password. None of them have a password from forums or anyplace I go casually.
     
  7. Almeuit macrumors regular

    Joined:
    May 25, 2011
    #7
    I use PayPal on my phone all the time... never had this issue. Just sounds like your password might have been too easy or they got it another way.
     
  8. LMD75 thread starter macrumors 6502

    Joined:
    Oct 5, 2010
    #8
    I used PayPal for ten years with no problem either until now. There was no way that someone would guess my password as it was something like "H3675htz" (i.e. it was meaningless to the average Joe). I would say that it was compromised via a forum due to the same email and password or a keylogger on a dodgy PC.

    Lesson learned for me and it is reassuring to know that it was highly unlikely due to my jailbroken iPhone.

    Thanks all.
     
  9. Dhelsdon macrumors 65816

    Joined:
    Feb 5, 2010
    Location:
    Canadian Eh!
    #9
    Hi guys,

    I didn't see anyone post this here so I thought I should. PayPal now has a 'Security Key' which is a credit card sized device that randomly generates security keys which, if you're signed up, you use the code with your regular login info. You can either buy the card or sign up for a mobile security key. It does the same thing, but they send the codes by text message.

    The first option is 5.99 USD, and the second is free.

    I have not used these myself but I am debating on getting the security card myself.

    Here is a link with more information directly from PayPal's website

    Credit card:
    [image]

    This one is a keychain:
    [image]
     
  10. LMD75 thread starter macrumors 6502

    Joined:
    Oct 5, 2010
    #10
    Dhelsdon - Thanks for that information. I did see that they do offer a software and hardware token as an extra level of security. However I am going to simply add my card details each time I make a transaction and then remove them as soon as it's completed.
     
  11. Dhelsdon macrumors 65816

    Joined:
    Feb 5, 2010
    Location:
    Canadian Eh!
    #11
    If you don't shop online a lot, that is doable, but for someone like me who shops online almost every day it just wouldn't work.

    I hope that you find a solution that works for you!
     
  12. LMD75 thread starter macrumors 6502

    Joined:
    Oct 5, 2010
    #12
    I am lucky if I use PayPal about once to twice a month but if I did use it more I would too have a hardware token.

    Does anyone here use Firewall IP for their iPhone?

    I would like to 100% make sure that no jailbroken app /add-on is sending personal information I don't want sending.

    Battery life does not seem to be draining any faster. When I go to bed with a 100% charged phone it is normally 97% in the morning.
     
  13. mickpearcey macrumors member

    Joined:
    Jun 25, 2011
    Location:
    England
    #13
    I doubt it's related, but I must admit that security is an issue at PayPal at the moment.

    About 2 months ago I got a phone call from PayPal asking whether my latest transaction was genuine as my average purchases never go above £200, I nearly had a heart attack as I hadn't done any online shopping for a few weeks... turns out someone had hacked into my PayPal account and sent a payment of £1943 to another account. I quickly phoned the Bank and the money indeed had been removed from my balance but after a few days of investigation by PayPal they instantly credited it into my PayPal account, just had to transfer it back into the bank after that.

    Apologies for the wall of text. :)
     
