Trying to understand what happened, my Paypal account got hacked through Brave

Trying to understand what happened, my Paypal account got hacked:

Couple of days ago i was browsing the web… i think i was watching a bunch of youtube videos… boring night…

While i was watching the videos my browser suddenly opened a tab to paypal… I closed it rapidly… But… What?? Kept watching my video… but looked my other tabs? no… none of them were about stores or anything… BOOM another tab opens on its own… and again paypal page loads up… close it again… it happened a 3rd time minutes later… and then never again… WEIRD.

Now today i noticed there’s a 7000$ transaction on my account credit card from Paypal >_> tried to log into my paypal account, the thief closed my account.

I’m trill trying to figure out how they got to my paypal… my account has the 2-time thing authentification… even I cannot log into my account unless i identify using my cellphone with a code… of course i never received any authentifications throu my cellphone… i usually also get emails for all my transaction on paypal… didnt received anything about this.

How could this happen on Brave?

Anyone could shed some lights?

@Tef Brave helps on privacy but it doesn’t make you invulnerable to hackers, malware, or viruses. It’s possible you installed an extension that tracked your information, you ended up with a virus on your computer from something you’ve downloaded, or any number of things. It also doesn’t mean it originated in Brave. That said, if you did end up with something like a virus, malware, key logger, or whatever, they would all try to navigate to your default web browser as that’s where cookies, passwords, and other information is generally saved and that they’d want to access.

As to how they could bypass 2fa, seems it’s been a thing for a while. You may want to check out articles like https://cybernews.com/security/we-found-6-critical-paypal-vulnerabilities-and-paypal-punished-us/

It’s also possible your information could have been part of their data breach that was discussed at https://www.mcafee.com/blogs/security-news/the-paypal-breach-who-was-affected-and-how-you-can-protect-yourself/ though you should have been notified if you had been.

The main thing you need to be doing is contacting your bank to dispute the charge and report the vulnerability, contact your local police to report the crime, reach out to PayPal, and doing deep scans on your computer using things like MalwareBytes to check for anything that might be on any of your devices.

Thanks… after the weird pop-up pages i did think about a virus so i scanned my whole computer and didnt have a lot of contaminated files… did have a few, most of them were like cookies tracking from Google chrome which i stopped using a while a go since i got onto Brave.

i thought maybe it was a known thing about brave since it was the browser i was using and the weird behavior happened…

I should’ve logged into my paypal and banking account right there on that moment… didnt think about it :frowning:

as for extension i also checked and only have adaware, ublock origin, facebook purity… nothing much else…

but yeah I did contacted paypal and my banking acount… they froze my credit card, i’m being issued a new one, paypal says they’re investigating and will refund, and to simply create a new account and forget the old one.

weird in my lifetime i got hacked twice, and both times were from paypal :frowning: this sucks.

but thanks for the reply, and the links, good read!

Did you get that from the site or has that been around a while from the extension store? I only ask because years ago they had some scammers that ended up with Facebook Purity in the extension store, all with .net instead of .com in the name.

Ouch, that stinks. Hopefully you can figure out what’s causing the vulnerability. Also as I mentioned, I would definitely do a police report with the non-emergency number. Some departments have cyber crimes departments and they may be able to do investigations and catch whoever had done this.

Otherwise the banks will likely just do their own investigation and return the money. They don’t necessarily report much to police or anything. Even if police do nothing, at least the report is there just in case. You never know when it might matter for yourself or others in the future.

i have no idea for facebook purity… i had this for so long, the info on it doesnt give much details if it came from .net or .com…

im old school… i like putting a face on a crime… these faceless internet crimes feels more like a violation of my person than an actual scam crime…

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.