Today I was charged 21'99 euros for a purchase I did not make
I logged into my League account to see if I had the RP at least, bc transaction was set as periodically and I might have forgotten about that (its been really long I dont purchase rp so I doubted It) but RP was the same as yesterday, therefore someone used my PP to get that RP and stole money from me

I have an authenticator which changes number every 15-20 seconds
How safe is that? .... I cant believe someone hacked my PayPal so easily
Also I have no clue how, as I dont really use my computer for anything, only to Game from time to time
Have never given info to anyone.

I opened a dispute on PP and claimed someone might have hacked my account
Also contacted riot games through email
How likely am I going to get my money back? Its just 20 euros but nobody likes to get stolen
Changes my PP info already, but seems like whoever hacked me can easily do It again at this point

I have text message auth on a very unused phone number, and never experienced this.
I dont really like authentication apps, maybe this is what has been hacked?


Email I registered on microsoft auth-app has endless login attempts, but they will most likely never access it without the text message/phone call that has to be sent to my phone?
Anyway, nothing important would be stolen from this one.

On my main email, 20 years, never been in touch with auth apps - but same text message auth - No suspicious login attempts or leaked password.

No, I do not use auth app for paypal.
Only text message - Phone. So I wouldnt know exactly how, If you got hacked.
But my guess would be the auth app.

This post was edited by Yiup on Nov 21 2024 05:10am

Auth app is VERY secure. It works by taking a secret key generated by paypal, adding current time and generating numbers based off that. You can't really bruteforce it, because secret key is long and .. secret.

What was the purchase? RP in game? Or something else? You should start dispute with the party that charged you

I see...

It was RP purchase in game

But for your account or someone else's?

When you say you have auth, what kind?

Is your PP set to text you a code? Do you have to open an authenticator app and input the OTP from there?

This is solved 😁

Just to clarify on this, always pick app auth as your 2 factor and use solutions thats offer ToTp (time-based one-time passwords) which you describe with the constant changing password. Always avoid text/email/in-app verification as these are very easy to tamper and spoof.

With that being said, even though you have third part validation enabled, some service, sites and payment gateways, does not trigger third party documentation for various reasons, if the amount is below a certain limit. Usually that happends, if you have an exiciting payment agreement or verified CC connected to the service/game/platform.

I've co-founded a cyber security company within identity and access management, working especially with authentication security and 2fa, so we see quite a few of these cases.

Can you share what happened and how to prevent it from happening? This is not something I'd like to run into lol.