PayPal Data Breach: Critical Login Hack

PayPal data breach. Is there any threat at all today for users of the online payment giant, PayPal? What do these threats mean for users?

PayPal is a worldwide online payment system. It lets users make online money transfers and payments and use other services.

Today, it has a reported 21% growth per year, with a total of 346 million users as of 2020.

In this article, we will take a look at the threats at PayPal. If you are one of its 300 million-plus users, read on to know more.

PayPal Data Breach Concerns

This year has been tough for PayPal, for many reasons.

One of them is the confirmation of an authentication hack. It can give an attacker access to an account after phishing for credentials, by bypassing PayPal’s authentication tools.

Then another report came. It says that it is possible to bypass PayPal’s whole authentication process. This gives hackers access to accounts with only the stolen credentials. They can then sell these on the dark web.

This report came from CyberNews, which said it found six weaknesses in PayPal. Another of them is that anyone can send malicious code via PayPal’s SmartChat system.

But how does PayPal safeguard its users’ accounts? The company knows everything about both sides of all transactions, such as:

  • behavioral track record
  • login environment
  • recent activity
  • transaction risk potential

So, if you log in from a new device or different location, PayPal will need to ensure it is you. They already confirmed your username and password, so they will run a system check.

Then, once you are in, PayPal will do more checks for every transaction you make.

But CyberNews claims this step is not that safe. Their demo shows a successful login to an account using only basic credentials on a new device. And this screams danger.

This means bypassing is possible with both phished and stolen credentials.

PayPal’s Two-Factor Authentication

Two-factor authentication, or 2FA, is common today. With it, websites run a secondary identity check on every login to make sure it is the user logging in.

Aside from the username and password, they will send a one-time code by SMS, or ask for a PIN that is different from the user’s password. Some even use an authenticator app or an external security key.

But this is not attack-proof at all, given all the strategies to bypass 2FA, like SIM jacking and the like. Thus, the FBI said only biometrics are attack-proof.

So, what is PayPal’s 2FA? Their 2FA will prevent hackers from getting access without your cellphone or authenticator app, making it impossible to do a back-end security check bypass.

And this security feature of PayPal was not bypassed by CyberNews, making it clear that this feature is safer than the other features.

PayPal is now making moves to answer the concerns mentioned above.

So, as a user, what do you think of PayPal’s security? Let us see the financial company’s next security steps in the coming months.
