Walmart account hacked

[Philliefan33]

Yesterday morning while DH and I were playing pickleball in PA, someone was using my walmart.com account to order curbside pickup of groceries and alcohol in CA.

For some reason I checked the messages on our landline when we got home (I rarely do that). There was a robocall about possible fraud on my Discover credit card, and I "must call immediately!". I ignored the phone number given and called the number on the back of my credit card, fully expecting the representative to tell me there were no alerts on my account. But no, there actually was an unusual charge on my card. So we are getting new cards and I changed my username/password at walmart.com. I also contacted Walmart to cancel the order, which had not yet been shopped (I told them it was fraud).

Some online sleuthing leads me to believe that there was a breach at Walmart's end. There are accusations that customer data was stolen and is for sale on the dark web. Plenty of user comments about recent experiences like mine. If you have a walmart.com account, you might want to change the password before you are victimized.

By cancelling the order, I may have thwarted someone's plans for a fun NYE party. The total order was $470: pizza, gummy bears, flan, dish detergent, laundry detergent, five cases of beer, two bottles of tequila, and three bottles of Scotch.

 

[steelyman]

That’s disconcerting. I had a similar issue (not at Walmart) and Discover was on top of it quickly. No money lost but a new card issued.

 

[Dash man]

A few weeks ago DW received a credit card from TD Bank she hadn’t requested. The application was made online at 4:08am and had all her needed info including SSN, birthdate and our address. It had a strange phone number from Central PA.
Over the week before Christmas, our online accounts at Fidelity, PenFed, Ally and Synchrony Bank we’re all blocked from people trying to access them. Fortunately nothing was lost and we changed all usernames and passwords for our financial accounts. All credit bureaus are frozen too.
This stuff is really nerve wracking!

 

[njhowie]

Thanks. Just changed my walmart.com password and removed the credit card from the account.

 

[harllee]

Thanks, just updated my Walmart password.

 

[MC Rider]

Don't save your credit card info on their site.
Safer that way.

 

[CoolRich59]

Thanks for the heads up. I just changed my password and deleted my stored card as well.

 

[rk911]

Yesterday morning while DH and I were playing pickleball in PA, someone was using my walmart.com account to order curbside pickup of groceries and alcohol in CA.

For some reason I checked the messages on our landline when we got home (I rarely do that). There was a robocall about possible fraud on my Discover credit card, and I "must call immediately!". I ignored the phone number given and called the number on the back of my credit card, fully expecting the representative to tell me there were no alerts on my account. But no, there actually was an unusual charge on my card. So we are getting new cards and I changed my username/password at walmart.com. I also contacted Walmart to cancel the order, which had not yet been shopped (I told them it was fraud).

Some online sleuthing leads me to believe that there was a breach at Walmart's end. There are accusations that customer data was stolen and is for sale on the dark web. Plenty of user comments about recent experiences like mine. If you have a walmart.com account, you might want to change the password before you are victimized.

By cancelling the order, I may have thwarted someone's plans for a fun NYE party. The total order was $470: pizza, gummy bears, flan, dish detergent, laundry detergent, five cases of beer, two bottles of tequila, and three bottles of Scotch.

place a transaction alert on your Discover Card for any transaction >$0. you'll get a virtually instant text about the transaction. we have similar alerts on all of oir cards and bank accounts.

 

[oscar1]

For what it is worth, this link will tell you how strong your passwords are.

https://bitwarden.com/password-strength/. (Scroll down to find the strength check link)

I have been switching to longer pass phrases to hopefully counter some of the shenanigans out there.

 

[badatmath]

Thanks for the heads up. I just changed my password and deleted my stored card as well.

+1

 

[Scuba]

I don’t store my credit card on most sites. It’s a pain to type it in, but much safer.

 

[COcheesehead]

Definitely sign up for instant notification of transactions via text or email.

 

[kgtest]

Yesterday morning while DH and I were playing pickleball in PA, someone was using my walmart.com account to order curbside pickup of groceries and alcohol in CA.

For some reason I checked the messages on our landline when we got home (I rarely do that). There was a robocall about possible fraud on my Discover credit card, and I "must call immediately!". I ignored the phone number given and called the number on the back of my credit card, fully expecting the representative to tell me there were no alerts on my account. But no, there actually was an unusual charge on my card. So we are getting new cards and I changed my username/password at walmart.com. I also contacted Walmart to cancel the order, which had not yet been shopped (I told them it was fraud).

Some online sleuthing leads me to believe that there was a breach at Walmart's end. There are accusations that customer data was stolen and is for sale on the dark web. Plenty of user comments about recent experiences like mine. If you have a walmart.com account, you might want to change the password before you are victimized.

By cancelling the order, I may have thwarted someone's plans for a fun NYE party. The total order was $470: pizza, gummy bears, flan, dish detergent, laundry detergent, five cases of beer, two bottles of tequila, and three bottles of Scotch.

This happened to me earlier this year. All of my saved cards within the wal-mart "wallet" were compromised, charged up via curbside pickup and not even an apology from wal-mart. Thankfully Discover and the other card issuers were kind enough to refund the charges immediately as they proceeded into the fraud investigation.

 

[Boose]

Thanks, Philliefan. Did some housekeeping in my WM app. Useful info like this is what makes this site stand out.

 

[Jimmie]

This has happened 3 times to my DW on her walmart account over past 16 months. She changed password each time, but still had people ordering apple watches on her account for curbside pickup. The 1st time it happened, the crooks got away with the watches and we had to contest the charges with credit card company. Last 2 times, we were able to report the transaction as fraudulent before they picked up the watches. Each time, my DW had hundreds of email spam sent to her inbox at same time as their online order where the crooks hoped the large number of emails would hide their online purchases, but didn't work the last 2 times. She ended up having walmart close her account.

Not storing credit cards with online merchants is best way to stop fraud like this. We only do online purchases with merchants that take paypal as a payment method for extra protection and never use our credit cards.

 

[CDRE]

Thanks for the heads up. I just changed my password and deleted my stored card as well.

+2

 

[rk911]

I don’t store my credit card on most sites. It’s a pain to type it in, but much safer.

+1

 

[rk911]

definitely sign up for instant notification of transactions via text or email.

this! ^^^^^^^^^^^^^^^^^^

 

[COcheesehead]

I don’t store my credit card on most sites. It’s a pain to type it in, but much safer.

I have my credit card number buried in a number string in my notes. I just cut and paste it when I need it. Only I know where to start the cut and paste from so its hidden. I don’t like keying in the numbers.

 

[Sunset]

Thanks OP, just deleted our CC's from the Walmart site.

Normally we don't store CC's on sites, but did for there as I was picking up groceries every week.

 

[Sunset]

I changed the password as well, and here is an interesting thing.

On the USA Walmart site, a password can be 100 characters long

On the Canadian site, it's limited to 26 characters and even worse, they just truncate it without notice.

 

[OverThinkMuch]

Does everyone know Walmart offers 2 factor authentication? Meaning you login with a username and password, and then have to enter a code from some device (or email) you possess. Using "2FA", hackers with your password still can't get into your account.

I wonder what other online ordering websites could have hacks like this? Maybe it's time to add 2FA to amazon and other accounts, too.

 

[Sunset]

Here is a weird thing that happened when I deleted my one credit card on the Walmart site.

A day later I decided to login and change my passwords, and when looking at my account, it showed 2 Credit cards of mine, that I've used in the past , including the one I deleted the previous day.

So I deleted Both. Hopefully they stay deleted.

 

[Philliefan33]

Here is a weird thing that happened when I deleted my one credit card on the Walmart site.

A day later I decided to login and change my passwords, and when looking at my account, it showed 2 Credit cards of mine, that I've used in the past , including the one I deleted the previous day.

So I deleted Both. Hopefully they stay deleted.

I had a similar thing happen with Zoom. When the pandemic first hit I used my personal cc to buy a paid subscription so we could hold virtual BOD meetings. (I had to do it quickly and didn’t have access to a card paid by the association). When my term was up in September 2021 I logged in to the Zoom account, deleted my card, and told the new person to attach a card before the subscription auto-renewed for an annual subscription in November.

Zoom charged my personal card, which I had deleted, for that November renewal.