In case you’re one of those who believed your PayPal and eBay accounts were safe after the recent compromise of eBay’s database, this is a tale of caution. It’s also a question for eBay Inc (NASDAQ:EBAY), which has said repeatedly that the recent hack of its database did not compromise PayPal user information. Although the company itself continues to officially say no PayPal accounts were compromised due to the database breach, a security department representative told us that this hack could have been a result of that breach.
ValueWalk CEO’s PayPal hacked
Unfortunately someone hacked the PayPal account of our own CEO, Jacob Wolinsky. Thankfully, PayPal is in the process of putting things back in order, but it does raise some questions and concerns about the recent breach of eBay Inc (NASDAQ:EBAY)’s database.
The hacker changed his address and initiated four unauthorized transfers from his bank account. The hacker also changed his security questions and answers, possibly in an attempt to lock him out of his own PayPal account. Thankfully PayPal sent him an email saying that they had been changed, which alerted him to the problem.
The transfer of funds is a major cause of concern, particularly if the intent was to get money into the PayPal account so the hacker could spend it. Jacob is unsure if his eBay Inc (NASDAQ:EBAY) and PayPal passwords were the same, but he thinks they were. If so, then we’re wondering whether the hack of his account is related to breach of eBay’s database.
As it turns out, the timing of the hack lines up just about right with the eBay breach, as the first unauthorized transfer was dated May 23. eBay’s messages to users say that if they changed their passwords on May 21 or after, their accounts are safe.
The company continues to deny that the eBay breach earlier this month resulted in any compromise to PayPal accounts. A PayPal spokesperson emailed ValueWalk this response after we contacted them to find out if the hack of Jacob’s account could have been related to the eBay breach:
“eBay has no evidence of unauthorized access or compromises to personal or financial information for users of PayPal. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted. In addition to asking users to reset passwords, eBay Inc. said it encourages any eBay user who used the same password on other sites to change those, too.”
Of course, there’s also the chance that this was an isolated incident. It’s not uncommon for people’s accounts to be hacked. This time they just managed to hit up the CEO of a high-traffic website. But either way, it’s a warning to everyone who uses eBay Inc (NASDAQ:EBAY) and PayPal to change their passwords on both accounts—just in case.
One representative for PayPal initially told Jacob that the hack on his account wasn’t related to the eBay breach. However, a representative in the company’s security department told him that if the passwords on both his eBay and PayPal accounts were the same, the hack on his account could indeed have been related. Jacob also notes that ValueWalk’s corporate PayPal account was not compromised, but there is no eBay account associated with it and the password was different than that of his personal account.
eBay, PayPal say accounts not compromised
You’ve probably already seen numerous statements from eBay Inc (NASDAQ:EBAY) and PayPal stating that its customers’ information was not compromised in the eBay breach. For example, here:
eBay users asked to reset password as a precaution. PayPal account information has NOT been accessed or compromised. http://t.co/0MQhclFJly
— PayPal (@PayPal) May 21, 2014
PayPal accounts have not been affected. PayPal never shares financial information with any merchant. http://t.co/478dutSqaE
— PayPal (@PayPal) May 21, 2014
PayPal account holder information was not accessed or compromised. Learn more: http://t.co/adf7soaTNE.
— eBay Inc. (@ebayinc) May 21, 2014
But this calls all those statements into question.