cancel
Showing results for 
Search instead for 
Did you mean: 

Hacked My Upwork Account

kaushik160
Ace Contributor

An Annonymous  person has added Payoneer payment method. And Withdrawn my all amount. 


There are 72 hours completed and till I have no update from Upwork on my Ticket on it.


I have asked for the bank account details / Phone number / Address information of the hacker who stolen amount via Payoneer Payment method.


Upwork customer care is just replying me with they are working on it. but there is no single action on it.

 

My Ticket number is 12105619 , where you can find hacker email ID and his Name on Payoneer.

"**Edited for Community Guidelines**"  is the person from Security department handling my ticket.

 

Can somebody help me on this ?

Regards
Kaushik

73 REPLIES 73

@walker R wrote:

What is equally likely is that hackers bought a stolen list of emails and passwords from the data breach at LinkedIn or other sites.  People tend to reuse the same password for each site.

 

 


They would still need his secret question answer to log in. I think it's more likely he fell for the phishing scam that was being posted somewhat frequently a couple weeks ago. Some people just give others their credentials here too, so there is always that possibility. He's not going to admit to that because it's against ToS. 

Christy A we don't know how many people are facing this situation. Upwork server could also be infected, so you can't just blame freelancer.

 

Whole incident should be investigated properly.

Uplift Upwork Visual Style : Add-on
Link Removed

Yes are right Anil.

 

If this type of fishing  has been occurring then this is the open way to do to on any body upwork. and upwork failed to give it's security in this website. 

 

I have already written the scenario in one reply that how this hacking occur. 

 

 


@Kaushikbhai P wrote:

Yes are right Anil.

 

If this type of fishing  has been occurring then this is the open way to do to on any body upwork. and upwork failed to give it's security in this website. 

 

I have already written the scenario in one reply that how this hacking occur. 

 

 


lol how is it that YOU giving your credentials to a hacker or your buddy who isn't very honest is suddenly Upwork's fault? YOU gave them your credentials. YOU. Take responsiblity, own it, and do what is necessary to avoid it again in the future. 

Hello Jennifer,

 

I completely agree with what you are saying. But If I say that no one know my upwork password except me.

 

What do you say then ?  I think you haven't read whole discussion in this forum. please read mam. 

 

 

And lastly, I can say for you that I am not that much super that can  change someone negative mind. 

 

 


@Kaushikbhai P wrote:

Hello Jennifer,

 

I completely agree with what you are saying. But If I say that no one know my upwork password except me.

 

What do you say then ?  I think you haven't read whole discussion in this forum. please read mam. 

 

 

And lastly, I can say for you that I am not that much super that can  change someone negative mind. 

 

 


I say that you're either lying or in denial. Obviously, someone else has your password. Also, my suggestion is that if you use the same password for other accounts especially those with the same email that you change the password there too.

 

I would let Upwork do their thing, but I would also do what is necessary to protect other accounts and move away from the denial stage. 


@Kaushikbhai P wrote:

Hello Jennifer,

 

I completely agree with what you are saying. But If I say that no one know my upwork password except me.

 

 

 

 


Now it is obvious that somehow, somebody else gained knowledge of your password. So right now, there is at least two of you knowing it. Unless you have already changed it, which I would strongly recommend you to do if you haven't.

 

You may have fallen for a phishing scam without even realizing it. You learned your lesson and now on you will be more careful.

-----------
"Where darkness shines like dazzling light"   —William Ashbless

@Kaushikbhai P wrote:

 But If I say that no one know my upwork password except me.

 


 Then I am afraid you are still in danger, because there is still someone out there with your credentials, because with 99.9999 % certainty you fell for some scam somewhere which handed your log in credentials for heaven knows what else (!!) to the person who subsequently logged into (NOT "hacked") your account and did what they did.

Actually there is an excel file going around on Upworks that was hard to detect as a virus. I had it on my system as I thought it was a real client posting but I didn't do what it had asked because I found it odd. I did download it though and a virus scan didn't show that it was one. I got a warning from Upworks about the file. So things can happen and people need to be aware that you need to use extreme caution with files downloaded as examples from clients and even stuff from freelancers. I do think Upworks needs to do more to prevent it from happening. It took them 8 days or so to even send me a message that said I may have a virus. There should be a review for a clients/freelancers first couple of posts when they are new members or something. The phishing, scams, and other odd postings seem to be getting worse. 

 

Actually, It is Upworks responsibility as well to keep accounts safe. It's one of the purposes for me using this platform. lol to the people that think that isn't true. You're talking about this person and saying it's his fault and all, but it could happen to anyone really. It's the same thing I expect from a bank. It's my responsibility to keep my information secretive, but I also expect the bank to have securities to ensure my information is not disclosed. 


@Amanda F wrote:

I do think Upworks needs to do more to prevent it from happening. T


As said before, the fact that they are not using 2 steps authentication is a flaw in the system. And the "security questions" technique that they may be using, which may have been ok in the 2000s, is now obsolete. Less and less online companies use this.

-----------
"Where darkness shines like dazzling light"   —William Ashbless

“And the 'security questions' technique that they may be using, which may have been ok in the 2000s, is now obsolete.”

 

So true.

 

 

For some sensitive activities such as withdrawals and changing account settings, perhaps Upwork should implement an OTP.

"Certa bonum certamen"

Yes Ravindra Sir, 

If they have implemented this OTP , then there will be very less chance on adding new payment methods. and what happened with me will never happen. 



@Amanda F wrote:

Actually there is an excel file going around on Upworks that was hard to detect as a virus. I had it on my system as I thought it was a real client posting but I didn't do what it had asked because I found it odd. I did download it though and a virus scan didn't show that it was one. I got a warning from Upworks about the file. So things can happen and people need to be aware that you need to use extreme caution with files downloaded as examples from clients and even stuff from freelancers. I do think Upworks needs to do more to prevent it from happening. It took them 8 days or so to even send me a message that said I may have a virus. There should be a review for a clients/freelancers first couple of posts when they are new members or something. The phishing, scams, and other odd postings seem to be getting worse. 

 

Actually, It is Upworks responsibility as well to keep accounts safe. It's one of the purposes for me using this platform. lol to the people that think that isn't true. You're talking about this person and saying it's his fault and all, but it could happen to anyone really. It's the same thing I expect from a bank. It's my responsibility to keep my information secretive, but I also expect the bank to have securities to ensure my information is not disclosed. 


If you give someone your banking credentials, they will tell you "well duh you gave them to the hacker." They are responsible to keep the data safe from their own breaches. Security is a collaborative effort where the user must be educated on what to look for when it comes to scam and phishing. 


@Jennifer M wrote:

If you give someone your banking credentials, they will tell you "well duh you gave them to the hacker." They are responsible to keep the data safe from their own breaches. Security is a collaborative effort where the user must be educated on what to look for when it comes to scam and phishing. 


Thank God the major Internet players out there realized some time ago that this is not the case and that the user being the weak link, they need to take security off users hands.

 

I know at least one tech-savvy person who shared your views and was loling about other being reckless about IT security. Until he was hacked big deal.

-----------
"Where darkness shines like dazzling light"   —William Ashbless

@Rene K wrote:
@Jennifer M wrote:

Thank God the major Internet players out there realized some time ago that this is not the case and that the user being the weak link, they need to take security off users hands.

 

I know at least one tech-savvy person who shared your views and was loling about other being reckless about IT security. Until he was hacked big deal.


 He ain't as good as me, Rene. 😉

 

Obviously.

Jen, I think you are just sort of repeating what I said though. Yes, it is a collaborative effort as I stated in my post. (I said we need to be careful too and not share your info) but Upworks should have better security too. I don't feel they have enough in place to stop this stuff from going on. You can say what you want but it's true. No need to blame the guy entirely, we don't know what exactly happened so the point is moot. He probably did take certain measures too, but could have fallen to downloading something, scanning it, and not realizing it had a virus. Not all virus stuff can be found right away with scanning software, but it can be looked at if it's odd. Those posts should still be seen as suspicious by upworks like when someone askes to enable macros, that type of posts should be looked into right away, not 12 days later(that is how long it took to make me aware I may have downloaded a virus). lol 

 

It would make sense to review new freelancers and clients for this type of activity for so many posts or at least have a better security system in place when it comes to your account and private information. 

kochubei_valeria
Community Manager
Community Manager

Hi Kaushikbhai,

 

The team will update you via the open ticket about their progress with Payoneer as soon as possible. Appropriate actions are also taken regarding the hacker's Payoneer account and the team will investigate this case further to see what can be done to remedy the situation. 

 

I would also like to confirm that Upwork servers are not infected and this is an individual case.

 

Thank you.

~ Valeria
Upwork

Hello Valeria,

 

Thank you for the response. 

 

Hope you have read my ticket 12105619 and also read the reply on the scenario on hacking.  

 

This is an individual  case. but this is open to all upwork account and may effect to many more people.

 

And for waiting on my ticket. Yes I am hoping for good and waiting for the reply in this ticket.

 

 

 

 

 

Hello Valeria 

Yes Just received a reply in my ticket with 40% recovery amount to my upwork account back. 

 

But what about remain 60% amount. 

Customer representative just replied with " The remaining amount cannot be recovered because they were spent by the hacker."


Now hacker is also a human. By his Payoneer account , Payoneer  has  his all the information . Can't they do legal action against him and try to recover those amount.

Why upwork Can't pay me if they can't recover it from the hacker or by legal action against him ,as up work is failed to make the security  what is my fault here. ? 

Or why they can't go against legal action against Payoneer as Payoneer is allowing to add such account with email having XXX@consultant.com


If I were you, I would contact Payoneer and demand reimbursement for the remainder of the money from them.  (If there's any money left on his account).

Hello Marry,

Yes I already did that.  

 

I have already contact Payoneer and they had told me that they have suspended his account. but denied to give me other personal information. and upwork told me that whatever amount in his account will be returned back. 

TOP SOLUTION AUTHORS
TOP KUDOED MEMBERS