MyDeal Account Hacked

Hi All,

Tonight, someone logged into my mydeal account, changed the delivery address and proceeded to purchase random items, around $260 worth of Tommy Hilfiger underwear.

I previously saved my PayPal details on mydeal, and thus the person was able to pay for the items.

Please check your emails for any update mydeal emails and also check PayPal.

I don't know if mydeal has been compromised or it's all part of this Optus hack, as I am an Optus customer also.

I have since revoked all PayPal payment agreements with other 3rd party websites, for which there were many, most I did not even know I had saved as automatic payments.

Hope this may help.


Comments

  • +4

    Could be something completely unrelated too and your password or computer was compromised.

    Probably a good idea for everyone to review their Paypal permissions page and remove anything that's outdated or unnecessary:

    https://www.paypal.com/myaccount/settings/permissions

    Also: SWITCH ON 2FA! For everything, everywhere.

    https://www.paypal.com/myaccount/security/twofactor/authenti…

  • Change passwords on all accounts and remove all associated bank/card details with the accounts.

  • You don't have 2FA setup on PayPal in 2022?

    • Do they have it for payments? I can only turn on 2FA for login.

      • Gotcha, only log in. I don't have any automated payments with PayPal.

        • I didn't realise how many I had. KFC, Target, Ebay, Google, mydeal, Kogan etc.

  • +2

    Any time I've purchased anything on PayPal I've had to at least log in, was your PayPal also compromised? One time someone hacked my PayPal and bought himself a pair of Nike Jordan's. Cancelled the order with Nike less than 2 hours later but they still sent it out. Lucky jack@ss

    • When I bought an item on mydeal a couple of years ago I used Paypal. This set up automatic payments for mydeal on Paypal. The person then gained access to my mydeal account, changed the shipping address, and bought random items. Because Paypal was set up already, it automatically paid without the need to log in to Paypal.

      I went through all the automatic payment accounts on my PayPal. There were a few. Target, KFC, Kogan, etc. I have cancelled them all.

  • You have their address, file a police report

    • +1

      I did

  • +1

    Related?
    I don't trust when they say password was not compromised…

    Dear customer,

    We are writing to inform you of unauthorised activity on one of our systems that has led to some of your account details being accessed. We are extremely apologetic that this has occurred and that your data has been accessed. We want to assure you that we are working around the clock to resolve this incident.

    What we know
    Over the last 24 hours, we discovered unauthorised access to one of our systems that holds customers' data. Your password and payment information was not compromised, but unfortunately the following data may have been accessed (if you have provided this information):

    Email address
    Name
    Address
    Telephone number

    • I just got this too.

      However, I deleted my account a long time ago…there is no account attached to my email.

      It could be fake?

      I reset password, and it emailed me saying no account. Unless mydeal kept all my details on hand the pricks.

    • +1

      Must be. Must have had a few customers trying to cancel payments for them to realise something was wrong.

    • OP's case doesn't necessarily mean passwords were compromised.

      E.g. OP could be using the same password from another service, which has had its own breach.

  • +1

    Woolworths Group's MyDeal hit by breach exposing data of 2.2 million customers
    https://www.abc.net.au/news/2022-10-15/woolworths-group-myde…

  • Interestingly, I received the email saying that my email, name, phone, address have been compromised, but I don't have an account. I used to be subscribed to their newsletter years ago, though.
    I tried the "forgot my password" and got a:
    "There is no MyDeal.com.au account associated to that email address"

    I don't think I've ever ordered from Mydeal…

    • Data breach relates to MyDeal's CRM system (Customer Relationship Management). It would have kept track of both newsletter subscribers, users who've ever purchased from them and their accounts, if they have one.

      You're affected even if you didn't make an account with MyDeal and were just getting marketing emails.

      pformag is actually affected by another kind of attack, most likely credential stuffing, because the attacker actually has knowledge of his password and used it to successfully log in. You can avoid these types of attacks by not re-using passwords across different websites.
