PayPal Security: Hacked Websites & Your Money

TL;DR

If a web shop you use is hacked, your PayPal account could be at risk. It’s unlikely they can directly steal money from your PayPal, but they might get enough information to make fraudulent purchases or try phishing attacks. Check your transactions regularly and report anything suspicious. Strong passwords and two-factor authentication are key.

What Happens If a Website is Hacked?

When a website gets hacked, the attackers often try to steal data. This can include:

• Payment information: Credit card details (if stored), but more likely PayPal email addresses and potentially transaction IDs.
• Account details: Usernames, passwords, addresses, phone numbers.

They rarely get direct access to your PayPal account itself, but they can use the stolen information in other ways.

Can Hackers Directly Steal From My PayPal?

Directly accessing and emptying your PayPal is difficult for hackers. PayPal has strong security measures. However, here’s how a hacked website could lead to problems:

• Unauthorized Purchases: If they get enough information about your payment methods linked to PayPal (like card details or transaction IDs), they might try making purchases.
• Phishing Attacks: They can use the stolen email address and knowledge of your past purchases from that website to send you very convincing fake emails pretending to be from PayPal, trying to trick you into giving them your login details.
• Account Takeover (less common): If they get your username and password from the hacked site (and you use the same ones elsewhere – which you shouldn’t!), they might try logging into your PayPal account directly.

What Should You Do?

1. Check Your PayPal Transactions: Regularly review your recent activity for anything you don’t recognise. Go to the PayPal Activity page and look carefully.
2. Report Suspicious Activity Immediately: If you see anything wrong, report it to PayPal right away. You can do this through their website or app.
3. Change Your PayPal Password: Even if you don’t see any suspicious activity, changing your password is a good precaution. Make sure it’s strong and unique – don’t reuse passwords from other websites.
4. Enable Two-Factor Authentication (2FA): This adds an extra layer of security to your account. PayPal offers 2FA via SMS or authenticator app. Set up two-factor authentication.
5. Be Wary of Emails: Be very careful about clicking links in emails, even if they look like they’re from PayPal. Always log into your account directly through the official PayPal website (www.paypal.com) to check for updates or issues.
6. Review Connected Apps: Check which third-party apps have access to your PayPal account and revoke any you don’t recognise or no longer use. You can find this in your PayPal App Settings.
7. Contact the Web Shop: Let the web shop know about the hack so they can investigate and improve their security.

How to Spot a Phishing Email

• Generic Greetings: “Dear Customer” instead of your name.
• Poor Grammar & Spelling: Look for mistakes in the email text.
• Suspicious Links: Hover over links before clicking them to see where they actually lead (don’t click if it doesn’t look like a legitimate PayPal address).
• Urgent Requests: Emails asking you to act immediately or threatening account closure are often scams.