January 4, 2016

PayPal Hacked!

A well-known security expert had his PayPal account hacked over the holidays. I've been mad at PayPal ever since they caused me so much grief in getting a simple refund when I used them to pay for some clothes at a local retailer, so this doesn't surprise me. What everyone should take away from this is how easy it really is to gain access to what you think are your secure accounts.

In my second call to PayPal, I insisted on speaking with a supervisor. That person was able to tell me that, as I suspected, my (very long and complex) password was never really compromised. The attacker had merely called in to PayPal’s customer support, pretended to be me and was able to reset my password by providing nothing more than the last four digits of my Social Security number and the last four numbers of an old credit card account.

Any company that authenticates customers with nothing more than static identifiers — address, SSN, DOB, phone number, credit card number, etc. — is vulnerable to these takeover attempts.

This is an article you can actually share with the title "must read" without it being fakery.

Source: 2016 Reality: Lazy Authentication Still the Norm — Krebs on Security