Paypal account hacked (used paypal to buy Cydia apps)

Discussion in 'Jailbreaks and iOS Hacks' started by emachine87, Jan 19, 2011.

  1. emachine87 macrumors member

    emachine87

    Joined:
    Jun 28, 2010
    #1
    Hi all,

    About two months ago my Paypal account got hacked it has attached to one of my bank accounts and the filthy little thieves tried to charge over 2000 but the jokes on the bc I had $3 in there lol. Anyways i only use my paypal account to buy Cydia apps, is it possible that a developer hacked my account? Also at the time I had Installous on my jb iPhone and a dozen aps could that be related?..Just to be clear I stopped stealing apps...it's wrong I see that now.
     
  2. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #2
    I doubt it had anything to do with the iPhone.
    More likely a weak password or email attached to it that was broken into.
     
  3. Dhelsdon macrumors 65816

    Dhelsdon

    Joined:
    Feb 5, 2010
    Location:
    Canadian Eh!
    #3
    Best thing would be to report it to PayPal that you had your account stolen and they can go through security stuff with you.
     
  4. tempusfugit macrumors 65816

    Joined:
    May 21, 2009
    Location:
    Chicago
    #4


    lol

    Major philosophical awakening in the last two months?
     
  5. jc1350 macrumors 6502a

    Joined:
    Feb 4, 2008
    #5
    You can buy ($5.00) a "security key." It's a one-time-use password generator you use in conjunction with your regular paypal password. You can't log in without it which means no matter how weak your regular password is, this makes it very secure.

    They seem to have switched providers. The one I have is a keychain fob. The current model looks like a paypal branded SecurID card.

    Either way, I highly recommend using one. It also works with Ebay.

    https://www.paypal.com/us/cgi-bin/?...iven/securitycenter/PayPalSecurityKey-outside
     
  6. emachine87 thread starter macrumors member

    emachine87

    Joined:
    Jun 28, 2010
    #6
    Thank you jc1350! :) I might just do that..I've been meaning to buy a few Cydia apps just didn't want to take a chance with paypal. lol I always knew it was stealing but just didn't care enough to stop. Haha damn where DID gif go?!
     
  7. sawah macrumors 6502a

    sawah

    Joined:
    Sep 13, 2010
    #7
    Thanks for the information about the secutiry key. I never knew about that!
     
  8. jc1350 macrumors 6502a

    Joined:
    Feb 4, 2008
    #8
    The instructions for using it states that you enter your regular password, then you'll get an additional page with the field for the token. There is a shortcut:

    enter your password and token together on the regular login page. For example, if your password is 'mypass' and the generated token is '123456' you enter 'mypass123456' for the password.
     
  9. LinMac macrumors 65816

    Joined:
    Oct 28, 2007
    #9
    It is unlikely that Cydia itself is responsible for the breach. They make millions of dollars per year selling applications through their store so stealing accounts using the store would be impossibly stupid on their part.

    It is far more likely that you simply have a virus on your PC which sniffed your login details from your browser.

    Cydia might be what you suspect, but a simpler answer is usually the right one.
     
  10. maturola macrumors 68040

    maturola

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #10
    Don't blame the developers, You got a keylogger or password sniffer bundle with an stolen IPA you got from installous and that is how they got your Paypal info, I would change all other password as well (banking, emails, websites, forums) since I am sure that information is also on their hands.
     
  11. Orion126 macrumors regular

    Joined:
    Aug 25, 2010
    #11

    The $3 in your bank account made me lulz.
     
  12. emachine87 thread starter macrumors member

    emachine87

    Joined:
    Jun 28, 2010
    #12
    Well that settles it then, I really do think that I got hacked through an app off Installous (like maturola stated). My passwords are usually pretty strong so that couldn't have been it, as for a virus on my computer I use a MacBook sprinting on snow leopard so that too is unlikely. Thank you for all your help! :) lol $3 is a lot in some countries.
     
  13. maturola macrumors 68040

    maturola

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #13
    :confused::confused::confused: LOL not sure how you related the password strength with a keylogger, no matter if you have the strongest password ever thought by a man or machine, a keyogger will ...well "log" it and send it character by character. I am not sure why people so skeptical about hacked ipas, while is not on every single one of them, I seen many reports of real bad bundles mostly with information trackers, specially on app that deal with personal info. Anyway it was an FYI so we don't see you on other forums asking for help because they "Hacked" your email or your private picasa album ;)
     
  14. ZilogZ80 macrumors 6502a

    Joined:
    Aug 5, 2010
    #14
    Is this even possible? Or are you just spreading FUD?
     
  15. maturola macrumors 68040

    maturola

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #15
    No i don't spread "FUD", it is very possible, once the Security is remove from the IPA, you can add anything you want and repackage it, not really hard at all. There is not checksum, not size comparison, nothing.

    what would I gain just making something up like that? :confused:
     
  16. ZilogZ80 macrumors 6502a

    Joined:
    Aug 5, 2010
    #16
    Sorry, didn't mean to offend. Just curious as I wasn't aware of any iOS keylogger. I wouldn't have thought a modified IPA could do that as obviously the keyboard is part of iOS and non-modifiable.
     
  17. maturola macrumors 68040

    maturola

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #17
    Ok I give you that, it is not "exactly" a keylogger as you see them on a desktop OS, it is more of a information sniffer, they capture the information that is written into the database and copies to another table and them send that info somewhere. I used the word "keylogger" a bit lose but the end result is very similar.
     
  18. ZilogZ80 macrumors 6502a

    Joined:
    Aug 5, 2010
    #18
    Which database are you referring to? I see how Cydia could have a built-in keylogger as you enter you PayPal details directly into the app. I don't see how a pirate/modified app could access info that you type into e.g. Safari or an online banking app though? Again, just curious.
     
  19. maturola macrumors 68040

    maturola

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #19
    Well there is not really a "how to hack .." guide so the way hackers do it differs, all I am saying is the way I am familiar with. You can modify an app, let's use Evernote (I now this is a free app, but just to use as an example), Evernote write your information on databases and them send it to be sync with their server, you can modify the way it writes the info the the database and copies all entries to a secondary table and sync that info with a different server. You can simple modify the app so it writes it data in such a way that it is readable from a webapp, them force you to go to such a website and extract the info.
     
  20. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #20
    Not to doubt maturola cause he knows his stuff well but I never heard of such thing with a cracked ipa either. I thought hackulous security protected over malicious code and AppStore apps were sandboxed.
     
  21. ZilogZ80 macrumors 6502a

    Joined:
    Aug 5, 2010
    #21
    I don't see how modifying an app would allow hackers to collect PayPal/credit card passwords though? People are not entering this info directly into apps, that would be madness! Any financial transactions (except the before-mentioned Cydia) that are not related to the App Store would take place securely via a browser, e.g. Safari.
    In fact, I have not even heard of any "modified" IPAs appearing, otherwise surely we would be seeing hacked versions of e.g. Angry Birds, with different graphics/text than normal?
     
  22. maturola macrumors 68040

    maturola

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #22
    Well...most cracked games I've seen have modify loading images that says ... Cracked or hacked by < insert Hackers name here>.
     
  23. ZilogZ80 macrumors 6502a

    Joined:
    Aug 5, 2010
    #23
    On iOS?
     
  24. maturola macrumors 68040

    maturola

    Joined:
    Oct 29, 2007
    Location:
    Atlanta, GA
    #24
    LOL..... Of course on iOS...isn;t that what we are discussing ..... ;)


    Edit: here is one SS I was able to find
     
  25. ZilogZ80 macrumors 6502a

    Joined:
    Aug 5, 2010
    #25
    Could you give me an example of one please? This is not something I have seen before so it would be interesting to check out.
     

Share This Page