Skip to main content
  1. Home
  2. Web
  3. News

Brian Krebs exposes major flaws in PayPal’s security system

By

amazon paypal news office
Ken Wolter
You can have the most secure password in the world, but as it turns out, there’s no defense against poor company security. Security expert Brian Krebs learned that the hard way when he discovered that his PayPal account was compromised due to what he claimed was a lack of authentication and security protocols on PayPal’s end.

On Christmas Eve, the cybersecurity journalist who runs the popular KrebsOnSecurity site became the victim of a hacking attempt, with the offenders seeking to use the hack to send money to a group with ISIS connections. And while Krebs has long drawn the ire of hackers everywhere, he’s now made a new enemy of PayPal as well.

Recommended Videos

Accusing the payment company of insufficient security to protect user information, Krebs used his own firsthand account to highlight flaws in PayPal’s system. “The successful takeover of the account speaks volumes about why most organizations — including many financial institutions — remain woefully behind the times in authenticating their customers and staying ahead of identity thieves,” Krebs wrote on his blog.

Related

As the journalist tells it, he received an email from PayPal on the morning of December 24, “stating that an email address had been added to my account.” Immediately after receiving this notification, he “changed the password, switched [his] email address back to the primary contact address, and deleted the rogue email account.” He also contacted a PayPal representative, who promised the company would “monitor the account for suspicious activity.”

But a mere 20 minutes later, he found that the same email address had been re-added. “By the time I got back home to a computer, my email address had been removed and my password had been changed,” Krebs wrote. “So much for PayPal’s supposed ‘monitoring;’ the company couldn’t even spot the same fraudulent email address when it was added a second time.”

When Krebs called PayPal again, he discovered just how easy it was for the hacker to gain access to his account. “The attacker had merely called in to PayPal’s customer support, pretended to be me, and was able to reset my password by providing nothing more than the last four digits of my Social Security number and the last four numbers of an old credit card account,” a supervisor told the security expert. Needless to say, this didn’t sit too well with Mr. Krebs.

Ultimately, says Krebs, the key lies in implementing a more robust anti-fraud system, including the ideal — mobile device authentication. “This would help cut down on account takeovers and reduce the threat of costly, fraudulent credit card donations via hacked accounts,” he wrote. “Until then, PayPal will continue to expose its users unnecessarily to security and privacy threats.”

PayPal has since responded to the unflattering incident, stating, “The safety and security of our customers’ accounts, data and money is PayPal’s highest priority … While Mr Krebs’ funds remained secure, we are sorry that this unacceptable situation arose and we are reviewing the matter in order to prevent it from happening again.”

Editors’ Recommendations

Topics
Lulu Chang
Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
A new Best Buy sale just started – our 11 favorite deals
Presidents Day sales with electonic devices packed in open boxes.

If you've been looking to do some shopping recently but haven't found the best time, you're in luck! Best Buy has just started an excellent weekend sale with many different products, but, to help save you some hassle, we've collected our 11 favorite deals from the bunch, ranging from robot vacuums to gaming laptops. So, without further ado, let's dive right in!
Shark ION Robot RV761 -- $143, was $260

If you're looking to dip your toes into robot vacuums without spending a lot, the Shark ION Robot RV761 falls within the Shark Ion 700 range and has a few nifty features, making it a good starting robot vacuum. For example, it has a triple brush mechanism that makes it great for picking up pet hair and does relatively well on carpeted flooring. It also has its own that allows you to schedule and control it to fit your schedule, and it comes with sensing technology that lets it avoid bumping into things. On the other hand, it doesn't have home mapping, which is great for the privacy-minded, but that does mean the occasional bump does happen. The Shark ION RV761 has about 90 minutes of battery life before it takes itself in for recharging.

Read more
When is Prime Day 2023? Dates confirmed for the shopping event
Best Prime Day 2022 Deals graphic with multiple products.

After weeks of speculation, we finally know when Prime Day 2023 is kicking off. Amazon has announced that the event will start July 11 at 3AM ET and will run through July 12. As always, Prime members can score some fantastic deals from the sale with popular brands like Peloton, Victoria's Secret, YETI, and Sony just some of the names being touted by Amazon as featuring in the big sale. Members will also be able to shop more deals on small business products than ever before too. As always, expect great discounts on Amazon-owned properties like Kindles, Ring doorbells, Amazon Echo units, and so much more. It's the sale we've all been waiting for since Black Friday.

The Prime Day deals promise to drop every 30 minutes during select periods with deep discounts expected. Select discounts on other Amazon-related things are already available such as 20% off in-store purchases at when you spend $50 or more and . It's a small taste of what is no doubt to come with other Amazon properties likely to see discounts.

Read more
Another big sale is happening at the same time as Prime Day
A variety of electronic devices in open boxes.

Target just revealed that Target Circle Week will run from July 9 to July 15, overlapping with Amazon's Prime Day that's scheduled for July 11 to July 12.

The big sale event will be open to members of the retailer's Target Circle loyalty program, who will be able to receive discounts of up to 50% for certain items. If you're not yet a member, don't worry -- you can join at any time, and membership is free. Once you've signed up, you'll be able to earn 1% from every purchase to redeem at a later time, access exclusive deals, and get 5% off for your birthday, among other benefits.

Read more