Why did PayPal ask me to change my Password after I made a purchase with my credit card?
Why did PayPal ask me to change my Password after I made a purchase with my credit card when I was not even logged on to PayPal? And Why didn't it ask me to enter my old password first?
Here's what happened... My shopping cart was hacked a few weeks ago and they were able to change the PayPal information so they got a $300 sale in their PayPal account and not mine. I could not find a suitable place to report it so I sent a letter to PayPal and have not heard anything back yet.
So I closed down my cart and installed a new updated version from scratch, new database etc. and beefed up the security on it.
Then I went to test my cart with a $1 purchase. I went through the cart process adding the item and when I got to the checkout I selected the "I do not have a PayPal account" so I could check it as a customer would see it using my credit card to check it that way.
The strange part... I was NOT logged on to my PayPal account but after I entered my credit card information, hit the Pay button and my payment went through, it wanted me to change my PayPal password. Keep in mind I never even logged on to PayPal to begin with so why did it want me to change it? And how did it know what PayPal password to change unless it's changing the sellers (me) password? Plus to enter my new password it never even asked me for my original password, or asked me to log on first in order to change it. It just had two fields "New Password" and "Confirm Password".
I opened another browser and tried to log on to PayPal with my old Password but could not. I had to go back and enter a new password before I could log on to my PayPal account again. This seemed so strange for PayPal to do that with my password, that now I'm even more scared to use PayPal. If a customer pays with his credit card will he be prompted to change MY PayPal account password locking me out?
I wasn't logged on so why did it ask me to change it? And why didn't it ask for my original password to verify I even knew the original password before it allowed me to change the password?
Even if PayPal assumed it was me making the $1 purchase because of my email address etc. It should still ask me to enter my old Password before allowing someone to change my password.