Recode's data privacy reporter shares story of how hackers stole $13,103.91 from her

Originally published at: https://boingboing.net/2020/01/30/recodes-data-privacy-reporte.html

1 Like

I like that Saturday is Change Your Passwords day. My only problem is that Bitwarden tells me I have 704 passwords stored. It’s going to be a long day.

3 Likes

Some additional tips:

  • Don’t use your debit card for any online purchases (and if you’re going to be even more paranoid don’t use it at gas stations, sketchy businesses, and such – use a real credit card if you can).

  • Set up another bank account just for linking to online wallets (like PayPal). Your bank should be able to do this as an add-on to your existing account. What I do is I keep a small amount of money in this account at all times (like $50) to keep it active. If I need to make a larger online purchase I will transfer money from my main account to this alternate account. If my online wallet account got breached, the hacker would only get away with a small amount of money.

  • If you have a credit card, see if your issuer will give you an alternate card and use this only for online purchases. (Or, if you’re able, get another credit card from a different company and only use it for online purchases.)

  • Crank up the fraud protections on your account(s) as high as possible. This may cause some annoyances when making big purchases or traveling and having to call the card issuer, but this also will put a stop to many kinds of fraud much more quickly. (Make sure you put a travel notice on your card before traveling to avoid additional frustration.)

I’ve been a victim of credit card fraud more times than I can count and the key is to limit the blast radius of this happening as much as possible. I’d much rather deal with the annoyance of spending an afternoon on the phone with the CC company’s fraud department rather than the horror of my bank account being drained and having to figure out how in the hell I’m going to pay the month’s bills.

Oh and FTR, this sentence had me seething:

When I called them for an update and to demand justice, they told me they couldn’t tell me any details about the case because I was not the victim, the bank was. Obviously, things could have been a lot worse: I did get the money back.

Fuck that shit.

5 Likes

Sure enough, $9,000 had been wired away two days previously. During the subsequent, frantic call to my bank, I looked at my checking account and saw that $4,000 had been wired away from there, too

change banks!

for large sums to new places, my credit union calls me before the money goes out. even for things like interbank transfers to other verified accounts, i get an email.

makes no sense that her only way to get notification was to see the change in balance and track down the transaction herself…

unless of course she’s using wells fargo, bank of america, or chase. they seem to hate their customers and seem to have a history of scamming them

5 Likes

I have auto notifications set on my bank account- I’m emailed any time a payment/transfer over $100 is made.

3 Likes

I had a charge for multiple pizzas reversed once, and when I went down to the credit union to get my new card, the teller explained that most times the caper isn’t this Mission Impossible-type hacker stuff. It’s often just somebody plugging in the last few credit card/debit card numbers sets with successive numbers. They try a probing charge of a dollar or two until they get a bingo. Then they charge away the rest of your money if it isn’t caught in time.

3 Likes

About 10 or so years ago for a period of a couple of months I got a succession of really weird and random stuff in the mail. Flowers, business cards not in my name, and other small purchases that I most certainly did not make. Always from online retailers, always of relatively low value. Every time I got something unexpected, I would contact the business trying to get more information about what the fuck was going on, and every time this happened I would get stonewalled about “client confidentiality” and such. I contacted the police about this multiple times, and got a ¯\_(ツ)_/¯ in response.

I had no idea what the fuck was going on and it was incredibly stressful for both me and Mrs. Ficus. We didn’t know if I improbably had a stalker, or something else weird was going on. It eventually stopped after 6 or so months.

Then, a few years back I read about how people probe credit card numbers by doing small online purchases to random people from any of the thousands of leaked databases. This was the only thing that made sense in retrospect.

5 Likes

data privacy reporter

2 Likes

One of my big IS pet peeves is institutions that try to apply high-end security measures to frivolous things. That just dilutes my security for the important things. 2FA for stupid association membership? GTFO!

Best practice now is to not burn passwords regularly. Use good passwords and change only when there’s good reason to suspect they have been compromised. https://www.schneier.com/blog/archives/2016/08/frequent_passwo.html. Also, if you don’t use a password manager, or if you need a good passphrase for other reasons (like for your password manager): http://world.std.com/~reinhold/diceware.html

It’s possible that it was part of another kind of scam - I’ve heard that third-party sellers on Amazon did this to provide a seemingly valid package tracking number with a delivery address in the same city as the scammed person, so the system will register the package as delivered.

2 Likes
