My Credit Card Details Were Hacked For Train Tickets?
In this day of age, we cannot do much when it comes to hacking, unless we spend a lot of money on protection and are very, very careful with everything. So, it is not a big surprise for me that my credit card details got compromised. What is a big surprise to me is what the hacker wanted to do with my credit card.
How It Started
Woke up in the morning, not feeling like P. Diddy, thank God! The day started good, had my breakfast, went through my routine. Then, I went to the computer to do some work. Everything was perfect and I went to a friend for a visit.
At one point, I went to the bathroom. When I came back, my phone was filled with notifications. I went to check them and it was instantly obvious that someone had my credit card details and wanted to use them.
Now what was interesting was the charges that were incurred. The first two were from:
No need to worry about losing money since I do keep very little funds on the credit cards I use. Not under 50 EUR, but, in this case, I only had like 10 EUR. So, no money was lost.
Getting back to it, who hacks credit card details and then the first thing they do is try to buy train tickets?
That is very weird!
How It Continued
Seeing as buying the train tickets did not work, the hacker, not so smart might I add, decided that maybe some other services would be better. So they tried to buy some Coinbase stuff.
What is very interesting is that even if the hacker tried to do the Coinbase purchase of 50 EUR and it failed, they then tried to do a purchase of 800 EUR. Then one of 100 EUR. Then another amount. Then decided to try 3 EUR. That one worked, so I lost 3 EUR.
What is funny is that the 3 EUR the hacker used to buy something on Coinbase is now worth 7 EUR. So, I guess I made 4 EUR from this.
How Did The Hack Happen?
There were several big data breaches that happened in the past year. One of them did expose the email/password combination I used for one of the big sites hacked, most likely Adobe.com. After that, since the password was public, hackers did gain access to it.
I was definitely aware of the security breach and changed my password for my most important websites, but, as things usually go, it seems I did forget about one. I have no idea where the new breach happened since it looks like my credit card details were also exposed, which should not really happen.
Long story short, some service somewhere was hacked and my credit card details were exposed. Then, the hacker tried to make it work in different ways. My credit card was initially used for the train tickets. Then, it was the hacked Coinbase account (username/password) that tried to buy some crypto coins.
The Big Question
While most things about this hack are obvious, I do have one huge question that I do not have the answer to:
How do the hackers bypass the two-factor authentication with the phone?
This is a very big question for me. In my Coinbase account I did have phone verification or email verification. In order to log in, you have to get a code through email or phone. And this was not even required when the hacker logged in.
It is not the first time phone verification was bypassed by a hacker in the past. I just do not understand how that is possible. There is definitely something I am missing out on or hackers are just a lot better now than I thought.
Final Thoughts
Getting your accounts hacked sucks. It is not the first time it happened to me. In fact, I lost my main Google account with my main YouTube account in it and my AdSense. This did hurt me a lot. Not because of the YouTube channel since it only had around 400 subscribers. It was because of AdSense as I was making money with it. But, these things can be gained back.
Getting your credit card details exposed is an entirely different thing. It is thus, I believe, very important to at least have spending limits set on it. Every security professional out there recommends a few things, with the most important being:
- Use a different credit card attached to a different bank account for online purchases.
- Keep that card empty. You only put money on it when you use it.
- If possible, use a virtual credit card or even a disposable one.
These are highly important but I should add that having two-factor authentication for every single service you have where you use a credit card or Paypal is important. Even if it clearly can be bypassed in some cases, as it happened to me, the more security you have, the better!
Originally published at https://adriancruce.com on August 1, 2024.