As we are drawing closer to the weekend, some people are nursing financial wounds inflicted on their PayPal accounts last weekend.
If you are among the lucky ones whose account was not affected, then you must have heard the news that some PayPal accounts were hacked into, and the hackers gifted themselves merchandise worth tens of thousands.
How it Happened that PayPal got Hacked
This article is going to look at how that hack on PayPal happened, has anything been done to fix the breach, and are you still vulnerable?
The first reported incidence of suspicious activities on PayPal that could suggest a possible hacker intrusion was on Friday last week. The intrusions primarily targeted PayPal accounts that have integrated Google Pay services.
It now emerges that the system integrating PayPal and Google Pay services is not as secure as both two companies would like us to believe. There was a security flaw in the system that neither the two companies had noticed, or they were both complacent.
Most of the victims of last weekend’s hack on PayPal seem to be mostly from Germany. The total amount of money that the hackers seem to have gotten away with runs into tens of thousands of Euros. However, there is no official figure given by PayPal, at least not yet.
Also, the company does not seem to be on top of the situation. The company could not give an official statement on what exactly happened, although they say investigations are already ongoing.
3rd Party Security Researchers’ Verdict
According to reports doing rounds online, several security researchers had flagged a security flaw in the PayPal-Google Pay integration system. Some of these reports were made as early as February 2019. It appears like PayPal was complacent and did not act on the reports.
The prevailing theory on how the hack might have happened says that PayPal’s contactless payment via Google Pay has a security flaw. Attackers can read the details of the PayPal-issued virtual card integrated into the Google Pay system without the need for authorization.
Experts further say that the card details can be guessed and the correct information obtained. However, for reading the card details from the user device, the hacker must be close enough to the user. Alternatively, they could use hacking malware tools to target certain user devices.
Other purported Security Flaws on PayPal
For such a big and well-established digital payment solution, PayPal sure seems complacent in addressing security concerns. For instance, this week, the CyberNews published an article talking about how they discovered numerous flaws in the PayPal platform.
For one, you can bypass the 2FA, get phone verification without a need for the one-time pin. You can also send money while circumventing the security measures by using a new device or VPN services. For more on these alleged security flaws, head on to the CyberNews website for more details.