A week or so ago Melissa noticed that a PayPal transaction had come through that wasn’t for something we had purchased. She logged into PayPal to find that sure enough, a computer SSD hard drive had been bought using our PayPal account.
So she disputed the transaction (which has since been reversed) and changed the PayPal password. She figured for good measure she would also change the eBay password since the sellers email would make you think the purchase came through eBay. Oddly though Melissa couldn't change the eBay password because eBay emails you a link to change it. And despite trying several times, she never got the email from eBay. A few days later she realized she also hadn't gotten any emails from PayPal on the status of the dispute.
So she logged onto the Comcast controls for her email account and found that someone had hacked into it too and set up filters to immediately delete all emails from eBay and PayPal and forward them to pp@demsuongcompany.com. So this was clearly a very intentional hack. The password for both the Comcast and PayPal accounts were the same, but they were VERY difficult to have guessed. We can only assume that somehow the HeartBleed bug was involved in allowing someone to gain access. Passwords to all our financial accounts have now been changed (again!).
Further research on demsuongcompany.com using who is (http://www.whois.com/whois/demsuongcompany.com) showed that the registration of this URL is marked private (i.e. there is no public information about who registered the domain) but it was registered through GoDaddy. So Melissa made a report to GoDaddy as well as PayPal and Comcast regarding the intentional hacking.
Scary, huh?