• Text Only
Voting History
rated:
My WalMart.com account got hacked. I received an order placement email a few minutes ago for a laptop to go to someone's else house with an rush shipping.

Right when I got the email order, I sign in, did a cancel order and updated my password but now I cannot get in anymore and looks like WalMart website is going into "maintenance". I will call WalMart to check on this tomorrow.

Just wanted to gives a heads up in case someone hacked into WalMart.com and it is just not my account only.

If mod believe this should go to a different forum, please move this. Thanks.

Member Summary
Most Recent Posts
Happened to me just like that on Dec 7th.... I have the name of a pick up person in the state they tried to pick up a la... (more)

catsinthebag (Dec. 11, 2013 @ 5:48p) |

The dumb part was they used MY NAME for the pickup.

MisterEd (Dec. 11, 2013 @ 10:08p) |

Saw this post yesterday and logged into my WalMart account to delete any stored CCs. If anyone tried to use mine they w... (more)

brooke789 (Dec. 12, 2013 @ 6:15a) |

tl;dr?? Moral of this thread: Don't save credit card numbers, gift card numbers, or any other financial data on any e-commerce website. There is no reason to keep them in there. Delete them all after using them if the website saves them. It might be a pain in the butt to enter the numbers every time you want to make a purchase, but the one extra minute it takes for you to do that could save you hours in headaches if your account is ever compromised.


Just use Lastpass. Unique password for every site.
Thanks for visiting FatWallet.com. Join for free to remove this ad.

Are you sure you went to WalMart.com?

This sounds like a phishing email. One that looks exactly like an email from WalMart.com.

Knowing it isn't something you ordered you then click on the link. Login with your u/p. Supposedly cancel the order.

The next thing that happens is they now have your real u/p and can place orders on WalMart.com

They could easily setup a redirect on your computer, and now you think the site is in maintenance and the phisher has your real info.

Same thing happened to me 2 weeks ago. They tried to place an order for email delivery. WalMart auto-cancelled the order when it failed their security check. Order still shows up at WalMart.com.

Changed password and deleted saved payment info.

Same thing happened to me a few weeks ago. Someone tried to order WalMart $50 giftcard 4 times with email delivery. I got the confirmation email so I immidiately went on line and cancelled every freaking orders.

I asked to inactivate my account.

It does sound a bit like a phishing email, but while I get them almost daily for banking sites, I' ve never had one from a retail site such as WalMart - the benefit to the scammer would not be as great I guess.
But just to be safe if you receive an email about something you did not do/order/etc, NEVER click on the link that is on that email. In this case just type WalMart.com on your browser.

Seems like it's happening to other people too. Link

It was a real email confirmation status. I didn't log in to WalMart.com through the email. I typed WalMart.com on a new tab to log in and also saw the actual order. I was able to cancel it in time that they didn't ship out the laptop. I submitted the complaint to IC3 with the guy's address and telephone number. I doubt IC3 will care. I tried to call the number with my Google voice and he just tried to call me back this morning.

No more saving credit card info online.

What's iC3

IC3 is Internet Crime Complaint Center. IC3

Deleted my payment method on WalMart.com due to other similar hacked WalMart account posts.

slappycakes said:   Deleted my payment method on WalMart.com due to other similar hacked WalMart account posts.



+1... thanks for the heads up OP!

Ditto. My order history is safe but deleted the payment method JIC.

Why not just change the passwords?

mine got hacked few weeks ago, recvd an order confirmation around midnight 2 seperate orders of $25 itunes, called CC and changed password, removed CC info

if your WalMart account got hacked, you should check all other online accounts that use the same email and password and change the password immediately. Its your own fault that your WalMart account got hacked. Yes, its my own fault when my WalMart account got hacked a few months ago. It took me a while to figure out how my account could have been possibility hacked. I was an IT professional and I know how I should treat my password. that's why I was surprised to see my account was hacked. Here's what happened after I pieced everything together:

I used the same email address and an old password on some online forum and low security online retailers. One or more of them got hacked. The hacked just tried the email and password on all major online retailer and you know what, many people reuse the same email and password for all their online activities.

wen111 said:   if your WalMart account got hacked, you should check all other online accounts that use the same email and password and change the password immediately. Its your own fault that your WalMart account got hacked. Yes, its my own fault when my WalMart account got hacked a few months ago. It took me a while to figure out how my account could have been possibility hacked. I was an IT professional and I know how I should treat my password. that's why I was surprised to see my account was hacked. Here's what happened after I pieced everything together:

I used the same email address and an old password on some online forum and low security online retailers. One or more of them got hacked. The hacked just tried the email and password on all major online retailer and you know what, many people reuse the same email and password for all their online activities.


Are you sure it's not WalMart.com that got hacked? Looking at how many people got hacked recently here and in the other thread, it doesn't seem like a coincident to me.

unnamedny said:   Why not just change the passwords?
Hey! You stole my name!

Someone ordered 4 x $100 WalMart gift certificates using my account a few weeks ago. AMEX stopped the last two but the first two were already emailed by the time I was notified of the order. Like others, I deleted my stored credit card information. I believe WalMart.com automatically stores it when you order so remember to remove it after an order.

My WalMart account has a unique password so I have to assume it was the WalMart system that was hacked. I don't understand why WalMart allows this to continue because apparently it happens to a lot of people. Maybe WalMart doesn't suffer the loss - is the loss absorbed by the credit card companies?

wen111 said:   if your WalMart account got hacked, you should check all other online accounts that use the same email and password and change the password immediately. Its your own fault that your WalMart account got hacked. Yes, its my own fault when my WalMart account got hacked a few months ago. It took me a while to figure out how my account could have been possibility hacked. I was an IT professional and I know how I should treat my password. that's why I was surprised to see my account was hacked. Here's what happened after I pieced everything together:

I used the same email address and an old password on some online forum and low security online retailers. One or more of them got hacked. The hacked just tried the email and password on all major online retailer and you know what, many people reuse the same email and password for all their online activities.


This is exactly why I use two passwords. A simple one for forums and non-financial sites. A more complex one for financial related sites.

Same happened here last week. I forgot update my new credit card number at WalMart. So the fraud order was on the old card number and CC company rejected it. I was lucky or else it could be more messy. So it is better to input CC info everytime not to save it with the vendor.

tchen811 said:   This is exactly why I use two passwords. A simple one for forums and non-financial sites. A more complex one for financial related sites.As already mentioned above, reusing login IDs (emails) or passwords is a bad idea.

If you can't remember or come up with a unique password scheme, use password storage software like Password Safe.

A complex (and not free) solution for unique email addresses is to own a domain and set up unique email aliases (forwarders) for every single online account. This is also a great solution against spam.

If you didn't place an order you only need to deal with your credit card company. You can remove the info from the WalMart.com account and change any info you want, but calling WalMart is not your responsibility and actually is not suggested.

Hope nobody has to deal with a Wells Fargo CC and a fraudulent WalMart charge. Been there, done that and it was a nightmare to resolve.

wow I thought it was just me. someone got into my account and ordered bunch of gift cards. luckily AMEX refunded the amount.

Got the following email from WalMart.com, let's see what they got to say in 3-5 business days if they even going to contact me again:

Hi John Doe,

Thank you for contacting WalMart.com regarding the order that you did not place. We are very sorry that this happened to your account. The item in this order was in fact cancelled.

We are still researching this matter and apologize for the delay. We will contact you again within 3 to 5 business days with the requested information.

Joe Doe, if we have not fully answered your question or you have additional questions, please reply to this email.

Sincerely,
WalMart.com Customer Care

I didn't need to contact the cc since they emailed me back in the morning and they didn't sound that useful. It was an PenFed CC and below is part of that email. Don't understand how they can't do a stop/decline payment when it is not fully charged yet (isn't it possible to stop a pending charge within a day unlike a charge that had occurred say after 2-3 days?) but hope they aren't hard to deal with when I do need to submit a dispute in the future.

Thank you for contacting Pentagon Federal Credit Union.

Regrettably, we are not able to prevent the posting of a charge that has already
been authorized. We recommend contacting the merchant directly to cancel the
purchase and for refund.

majorlag said:   Got the following email from WalMart.com, let's see what they got to say in 3-5 business days if they even going to contact me again:

Hi John Doe,

Thank you for contacting WalMart.com regarding the order that you did not place. We are very sorry that this happened to your account. The item in this order was in fact cancelled.

We are still researching this matter and apologize for the delay. We will contact you again within 3 to 5 business days with the requested information.

Joe Doe, if we have not fully answered your question or you have additional questions, please reply to this email.

Sincerely,
WalMart.com Customer Care

I didn't need to contact the cc since they emailed me back in the morning and they didn't sound that useful. It was an PenFed CC and below is part of that email. Don't understand how they can't do a stop/decline payment when it is not fully charged yet (isn't it possible to stop a pending charge within a day unlike a charge that had occurred say after 2-3 days?) but hope they aren't hard to deal with when I do need to submit a dispute in the future.

Thank you for contacting Pentagon Federal Credit Union.

Regrettably, we are not able to prevent the posting of a charge that has already
been authorized. We recommend contacting the merchant directly to cancel the
purchase and for refund.


What information did you request from WalMart?

If a transaction is in pending status, no credit card companies do anything. They do things after the transaction comes out of the pending...at least that's been the case for me.

This is what happens when you shop at Wally World.

Same here, mine got hacked on September 29. I changed pw and deleted payment info. They tried to order Xbox live stuff. Delivery to my place. Were they trying to intercept it at my house or something? Not sure, either way, WalMart.com canceled the order automatically. Failed security check, guess they didn't have my 3 digit security code.

scripta said:   tchen811 said:   This is exactly why I use two passwords. A simple one for forums and non-financial sites. A more complex one for financial related sites.As already mentioned above, reusing login IDs (emails) or passwords is a bad idea.

If you can't remember or come up with a unique password scheme, use password storage software like Password Safe.

A complex (and not free) solution for unique email addresses is to own a domain and set up unique email aliases (forwarders) for every single online account. This is also a great solution against spam.


I can personally attest to LastPass. I've been using them since Lifehacker wrote about the company a couple of years ago. It's amazing software. I now have 8-10 character random passwords for every site I go to.

http://lifehacker.com/5041463/lastpass-saves-and-syncs-passwords...

tehlorax said:   I can personally attest to LastPass. I've been using them since Lifehacker wrote about the company a couple of years ago. It's amazing software. I now have 8-10 character random passwords for every site I go to.

http://lifehacker.com/5041463/lastpass-saves-and-syncs-passwords...
Keypass syned across computers via Dropbox is also a good option.

LiquidSilver said:   tehlorax said:   I can personally attest to LastPass. I've been using them since Lifehacker wrote about the company a couple of years ago. It's amazing software. I now have 8-10 character random passwords for every site I go to.

http://lifehacker.com/5041463/lastpass-saves-and-syncs-passwords...
Keypass syned across computers via Dropbox is also a good option.


Keepass is cool, but the easy plugin nature of LastPass gives it a very high spouse acceptance factor.

Roboform, the best $20.00 I've ever spent in my life.

Same thing happened to me. I had 3 $20 game card emails ordered on my account but were canceled by WalMart.

It happened to me a couple of months ago. Someone purchased 2 PlayStation points cards ($50 each) with my account and credit card. I called WalMart as soon as I got the notification email, and they were extremely UNhelpful since the points cards were immediate delivery. I called my Visa card company, and they took the charges off. I tried to delete my WalMart account, and asked WalMart customer service to do it as well, to no avail. I did totally remove my credit card info from their website though.

yourlefthand said:   LiquidSilver said:   tehlorax said:   I can personally attest to LastPass. I've been using them since Lifehacker wrote about the company a couple of years ago. It's amazing software. I now have 8-10 character random passwords for every site I go to.

http://lifehacker.com/5041463/lastpass-saves-and-syncs-passwords...
Keypass syned across computers via Dropbox is also a good option.
Keepass is cool, but the easy plugin nature of LastPass gives it a very high spouse acceptance factor.
That looks convenient, and better than nothing. Just remember that a browser plug-in and online synchronization through a third-party is inherently less secure than a stand-alone offline application.

fattywallace said:   Roboform, the best $20.00 I've ever spent in my life.Yet completely unnecessary with all the free (and open source) alternatives available.

Not to be the 20/20 hindsight jerk, but I can't believe people who store card info online. I always "check out as guest" when I can. For ANY company, the piddliest yarn shop to Chase Bank, it's only a matter of time until some/all of your account is compromised, it's up to you how much you store with them.

Second the suggestion of a password manager. I finally made the jump a month ago and I can't tell you how nice it is to not have to even remember passwords for any login I have, they're ALL unique, and if I read about the consumerist/gawker/WalMart or whoever getting hacked, I just login, create a new random password and move on with my life in 5 seconds. Only password manager program I've tried is KeePass and I really like it so far.

Edit
I just logged into WalMart and changed my PW. One thing about using password maangers is that you become familiar with which businesses/organizations let you choose a complicated(special characters, numbers, capital letters, very long # of characters) password. WalMart limits you to, get this, 11 characters. I just created 50-odd passwords last month and the lowest limit I found on any organization was 12. This is the biggest private corporation on the planet. Unbelivable.

scripta said:   yourlefthand said:   LiquidSilver said:   tehlorax said:   I can personally attest to LastPass. I've been using them since Lifehacker wrote about the company a couple of years ago. It's amazing software. I now have 8-10 character random passwords for every site I go to.

http://lifehacker.com/5041463/lastpass-saves-and-syncs-passwords...
Keypass syned across computers via Dropbox is also a good option.
Keepass is cool, but the easy plugin nature of LastPass gives it a very high spouse acceptance factor.
That looks convenient, and better than nothing. Just remember that a browser plug-in and online synchronization through a third-party is inherently less secure than a stand-alone offline application.

fattywallace said:   Roboform, the best $20.00 I've ever spent in my life.Yet completely unnecessary with all the free (and open source) alternatives available.


Your opinion and respected from this side, however; the security and peace of mind, not to mention the reliability and easy interface of Roboform is well worth it for me. I've tried LastPass and did not like. No even close to Roboform IMO.

Same thing happened last week - two cards were ordered and they changed my password. Called up WalMart.com, cancelled the orders - but did not refund my money. Need to call up AMEX now...

vagrants said:   majorlag said:   Got the following email from WalMart.com, let's see what they got to say in 3-5 business days if they even going to contact me again:

Hi John Doe,

Thank you for contacting WalMart.com regarding the order that you did not place. We are very sorry that this happened to your account. The item in this order was in fact cancelled.

We are still researching this matter and apologize for the delay. We will contact you again within 3 to 5 business days with the requested information.

Joe Doe, if we have not fully answered your question or you have additional questions, please reply to this email.

Sincerely,
WalMart.com Customer Care

I didn't need to contact the cc since they emailed me back in the morning and they didn't sound that useful. It was an PenFed CC and below is part of that email. Don't understand how they can't do a stop/decline payment when it is not fully charged yet (isn't it possible to stop a pending charge within a day unlike a charge that had occurred say after 2-3 days?) but hope they aren't hard to deal with when I do need to submit a dispute in the future.

Thank you for contacting Pentagon Federal Credit Union.

Regrettably, we are not able to prevent the posting of a charge that has already
been authorized. We recommend contacting the merchant directly to cancel the
purchase and for refund.


What information did you request from WalMart?

If a transaction is in pending status, no credit card companies do anything. They do things after the transaction comes out of the pending...at least that's been the case for me.



I just told them that someone hacked into my account and placed an order. I also told them I already logged in to my account and changed my password. I requested that they cancel my order immediately.

thanks for the info, reset my WalMart account, haven't used it in years it seems

Skipping 184 Messages...
Saw this post yesterday and logged into my WalMart account to delete any stored CCs. If anyone tried to use mine they were in for a surprise....there were about 15 Amex cards stored there and I vaguely remember having a bunch of $10 prepaid AMEX from some promotion years ago.



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

TRUSTe online privacy certification

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2014