Part II of hacked 2 times – scary again!


I do not see myself as someone who reacts hysterically to every little thing, and I am not the grumbling type. The reason why I write about this topic again is that this could possibly affect anyone with a WordPress account.


Last week I reported on a very nasty hacker attack (Details here). Everything seems to be fine again – hopefully. However, these post-hack issues were not resolved by WordPress, whose answers were in no way helpful, but by the Jetpack team. They resolved the matter quickly and effectively. Thanks again!

But today I got my credit card statement and this definitely seems worth reporting to me.

The hacker not only destroyed my account and almost managed to kidnap my domain, he also managed to withdraw US $ 6000 via WordPress. Now 6K is not such a small amount and that’s why I asked WordPress to answer a few questions about it. I think my questions were factual and calm:

“Today I received my Visa statement and I was shocked.

1) please check and adjust my payments and let me know what the payments were for – one by one
2) please tell me how it is possible that such a high amount can be withdrawn from my account without authorization from my side
3) please tell me how this can be prevented for the future.”

I’m sorry to say that the answer I received was definitely unsatisfactory and had the character – like you learn it in a course – how to deal with a low spirited, annoying customer.

The small amounts are ok. But above all, the most important question, how someone can use WordPress to debit my credit card with $ 6000, remained unanswered.

There is also the little thing that EUR 5215 was debited, but I only got EUR 5048 refunded. That’s a difference of US $ 197. That doesn’t make the world end, but the fact that WordPress doesn’t even mind to answer that is a bit of a negative surprise.

So I would like to take this opportunity to point out again that there is the possibility of 2-factor authentication, with which a similar scenario can be prevented. At least that’s what I hope.

The majority of my credit card payments are under $ 500. In the past, when I made payments over $ 1-2,000, Visa called and asked for confirmation over the phone. And now $ 6000 are debited without anyone asking?! That seems like a remarkable security issue to me.

As for this unauthorized charge via WordPress: what would have happened if I hadn’t been able to react immediately (travel abroad, stay in hospital …)? The 6k would probably have been gone badly.


Zettl

alive and well and having fun

14 comments on “Part II of hacked 2 times – scary again!”

This is really horrible and I don’t think WP was helpful enough.

The failure of WP goes much further. Far be it from me to wash dirty laundry in public, so I only wanted to touch on those points that pose a potential danger to other WP users.

I’m sorry to hear of your difficulties. It makes you wonder if having a website and blog are worth it.

I think for most of us here our website or blog are important tools for learning, expression, communication, exchange of thoughts, source for inspiration and much more. We just should not forget that there are people around with another agenda.

This is highly troublesome. Hacking keeps getting further out of hand.

Yes, it is a worrying development. It is imperative that we pay close attention to the issue of security. Both users and providers.

I was not aware of this potential issue until I stumbled upon your post! Nothing much worse than scammers, thanks for posting.

You are welcome! I guess most of us never thought this could happen that easily. We just run a blog for non-commercial purposes so why should one be hacked….

I’ve been scammed before, not on WordPress though, not a nice thing to happen. I was left powerless with no help from police or other legal options. It still sucks more than 10 years later. I hope that’s the last of it for you.

Sorry to hear that! So you know the feeling. Powerless is the key expression for sure. I am happy all is fine again but imagining that this guy would have been successful with transferring my domain still makes me shiver….

I have my domain name enrolled elsewhere, not directly with WordPress, that may prevent or reduce the risk of it happening. I think you can pay WordPress with PayPal too, rather than direct with card. I also pay PayPal with a master or visa card as an extra layer of protection. When I got scammed it was a direct deposit and my bank wouldn’t/couldn’t reverse it, but they can with credit cards. Lesson learnt for me!!

That’s definitely good advice! Many thanks for posting!

Dear Friedrich Zettl, Perhaps it is late to give a bit of advice, but I also worry about hackers. I keep a small banking card account – not enough money in it to hurt me if I am hacked. And I use PayPal for making payments. They have, in my experience, fairly good security and so I don’t mind in the least paying the commission.

I’m so sorry you have gone through this bad experience. It’s one we all worry about.

Dear Ana Hernandez, thank you so much for your kind words and helpful advice! Yes, I know now. I have been using PayPal from the start and basically it’s ok. But I had bad experiences there too – this would be another story. This experience came unexpectedly and yes, it probably would not have happened with PayPal.
