Skip to main content

Brian Krebs exposes major flaws in PayPal’s security system

You can have the most secure password in the world, but as it turns out, there’s no defense against poor company security. Security expert Brian Krebs learned that the hard way when he discovered that his PayPal account was compromised due to what he claimed was a lack of authentication and security protocols on PayPal’s end.

On Christmas Eve, the cybersecurity journalist who runs the popular KrebsOnSecurity site became the victim of a hacking attempt, with the offenders seeking to use the hack to send money to a group with ISIS connections. And while Krebs has long drawn the ire of hackers everywhere, he’s now made a new enemy of PayPal as well.

Recommended Videos

Accusing the payment company of insufficient security to protect user information, Krebs used his own firsthand account to highlight flaws in PayPal’s system. “The successful takeover of the account speaks volumes about why most organizations — including many financial institutions — remain woefully behind the times in authenticating their customers and staying ahead of identity thieves,” Krebs wrote on his blog.

As the journalist tells it, he received an email from PayPal on the morning of December 24, “stating that an email address had been added to my account.” Immediately after receiving this notification, he “changed the password, switched [his] email address back to the primary contact address, and deleted the rogue email account.” He also contacted a PayPal representative, who promised the company would “monitor the account for suspicious activity.”

But a mere 20 minutes later, he found that the same email address had been re-added. “By the time I got back home to a computer, my email address had been removed and my password had been changed,” Krebs wrote. “So much for PayPal’s supposed ‘monitoring;’ the company couldn’t even spot the same fraudulent email address when it was added a second time.”

When Krebs called PayPal again, he discovered just how easy it was for the hacker to gain access to his account. “The attacker had merely called in to PayPal’s customer support, pretended to be me, and was able to reset my password by providing nothing more than the last four digits of my Social Security number and the last four numbers of an old credit card account,” a supervisor told the security expert. Needless to say, this didn’t sit too well with Mr. Krebs.

Ultimately, says Krebs, the key lies in implementing a more robust anti-fraud system, including the ideal — mobile device authentication. “This would help cut down on account takeovers and reduce the threat of costly, fraudulent credit card donations via hacked accounts,” he wrote. “Until then, PayPal will continue to expose its users unnecessarily to security and privacy threats.”

PayPal has since responded to the unflattering incident, stating, “The safety and security of our customers’ accounts, data and money is PayPal’s highest priority … While Mr Krebs’ funds remained secure, we are sorry that this unacceptable situation arose and we are reviewing the matter in order to prevent it from happening again.”

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
PayPal vs. Venmo vs. Cash App vs. Apple Cash: which app should you use?
PayPal, Venmo, Cash App, and Apple Wallet apps on an iPhone.

We’re getting closer every day to an entirely cashless society. While some folks may still carry around a few bucks for emergencies, electronic payments are accepted nearly everywhere, and as mobile wallets expand, even traditional credit and debit cards are starting to fall by the wayside.

That means many of us are past the days of tossing a few bills onto the table to pay our share of a restaurant tab or slipping our pal a couple of bucks to help them out. Now, even those things are more easily doable from our smartphones than our physical wallets.

Read more
How to change margins in Google Docs
Laptop Working from Home

When you create a document in Google Docs, you may need to adjust the space between the edge of the page and the content -- the margins. For instance, many professors have requirements for the margin sizes you must use for college papers.

You can easily change the left, right, top, and bottom margins in Google Docs and have a few different ways to do it.

Read more
What is Microsoft Teams? How to use the collaboration app
A close-up of someone using Microsoft Teams on a laptop for a videoconference.

Online team collaboration is the new norm as companies spread their workforce across the globe. Gone are the days of primarily relying on group emails, as teams can now work together in real time using an instant chat-style interface, no matter where they are.

Using Microsoft Teams affords video conferencing, real-time discussions, document sharing and editing, and more for companies and corporations. It's one of many collaboration tools designed to bring company workers together in an online space. It’s not designed for communicating with family and friends, but for colleagues and clients.

Read more