How Much Is A Hacked PayPal Account Worth?
We all know that you can practically buy anything on the Internet, from bulk email accounts over credit card information and even PayPal accounts.
Brian Krebs in a post on the Krebs on Security blog sheds some light on the latter. He identified websites were PayPal account data, and sometimes linked email account information, were sold in bulk.
According to his information, PayPal accounts are sold for as little as $50 per 100 unverified accounts. 50 cents per account may not seem like much, but you need to consider that unverified means that the original owner has not linked the account to a bank account or credit card. This limits what can be done with the account (while it is possible to use it to move money, it cannot be used to make purchases if the PayPal balance is not sufficient).
Verified accounts on the other hand start at prices of $2.50 for PayPal accounts with a balance of up to $10, and more if the balance is larger. You see a larger account with a balance of more than 1000 Dollars go for $45 at the site selling those hacked accounts.
It is rather interesting that the site not only lists the account balance, first name address and type of account but also much of the user's email address. Registration at the site is closed and only possible by contacting a site operator over ICQ.
Considering that email addresses are listed, it would make sense for PayPal to try and get an account to block all hacked accounts before third parties can use them for illegal activities.
Brian believes that the majority of accounts for sale have been collected via phishing attacks, but that trojans on user computers have also been used considering that some of the PayPal accounts are sold with linked email account log ins.
It feels kinda strange that a site like this can operate for a relatively long time without being taken down by the authorities. I won't link directly to the site, but you find the link and a sister site mentioned in Brian's article.
I personally would have expected the accounts to be sold at higher prices. This can either mean that demand is not high, or that the site operators have access to a lot of hacked PayPal accounts.
What's your take on this?
That’s why I stay away from things like PayPal.I don’t even bank or pay bills online.
Well… I think is almost impossible not to have a Paypal account, if you want to buy things online. I suppose ItÂ´s the least dangerous option (much better than giving your credit card info to every site you work with). I just try to have a well protected system (firewall, sandboxie, anti keylogger, etc). Praying also helps! :)
nah paypal is not safe at all SWIM can get easily over 100 paypal accs in 10min.
Though one knows that this kind of stuff exist, its still scary to see proven examples.
I’m off, to change all my passwords…no, i shall disconnect first, then wipe my installation before i restore from backup. But wait, maybe there is a trojan within the backup…
Halp !! :p
Thanks for the heads up. I wasn’t aware how insecure Paypal is. Glad I dumped it over the blocking of Wikileaks donations. I’m not a donor, but I don’t like the idea of foreign politics determining how I might want to legally spend my money. Now if only I could find a replacement for Mastercard.
Why would someone sell an account with $1000+ in it for $45 rather than spend the balance themselves? These phishers seem very fishy.
Good question. I’d say they either are only in the hacking businesses and do not need that extra burden or they do not want the payments linked to them. I mean, if you make payments you have to get something for it which could be linked to them or a third party.
i think someone should send the link to paypal, maybe they are receiving money for selling the accounts by paypal…
i own a store of Mobiles Unlocking… many times i receive payments from stolen paypal accounts, i set my website to send an email to the paypal email that a payment have been made. most of the time i receive an email back that they did not make the purchase and i instantly block the account and refund the payment. some paypal users are too lazy to send an email, they just fill a fraud on paypal after days or weeks :s they get their money back, but the user that used their paypal still gets the item and i loose money :s
just a tip: don’t enter your paypal email and password on websites, just check the address bar in your browser, whenever you make a payment the address bar should be https://paypal.com, also you can check the https and the certificate if it is on paypal as some hackers are using paypal.com.xxx.com or something similar…
Every time that I try to reset my password for PayPal the info never gets to my email acct. How, is this happening and WHY? Please help me remedy this issue?
Have you checked the spam folder? If it is not in there, ask PayPal, they should be able to tell you if the email was sent out actually.