PayPal Mobile Apps Plagued by Authentication Flaw: Benjamin Kunz

posted on September 8, 2015
by l33tdawg

An unpatched vulnerability affecting PayPal’s mobile applications can be exploited to access restricted accounts and even bypass the two-factor authentication (2FA) mechanism, a researcher claims.

PayPal can ask users to confirm their identity for fraud protection and due to regulatory obligations. When users are asked to verify their identity, they are blocked from accessing their account and instructed to call or email PayPal to complete the process.

PayPal exec's crazy edible password alternative

posted on April 20, 2015
by l33tdawg

To Jonathan LeBlanc, global head of developer advocacy at PayPal, the problem is simple: "Passwords are not secure, they need to be replaced."

That's the basic premise of a presentation he's giving at tech gatherings around the world called "Kill All Passwords." "Passwords are so complex it's just a system that doesn't work anymore," said CNET editor Dan Ackerman.

Single step authentication on Galaxy S5 leaves PayPal accounts open to abuse say German researchers.

posted on April 17, 2014
by l33tdawg

PayPal was left fighting a rear-guard action last night after it emerged the fingerprint scanner seen on the Samsung Galaxy 5 smartphone can easily be bypassed.

Germany's Security Research Labs says the spoofing system allows access to a user's PayPal account, which is an important issue since a key feature of the scanner is one-step access to the PayPal money payment system - effectively replacing the user's ID and password with a fingerprint swipe.

Thirteen PayPal Hackers Plead Guilty in California

posted on December 11, 2013
by l33tdawg

Thirteen people recently pled guilty to charges related to their involvement in DDoS attacks against PayPal in December 2010. The attacks were launched in response to PayPal's refusal to accept donations for WikiLeaks (h/t The Register).

The 13 are Christopher Wayne Cooper, Joshua John Covelli, Keith Wilson Downey, Mercedes Renee Haefer, Donald Husband, Vincent Charles Kershaw, Ethan Miles, James C. Murphy, Drew Alan Phillips, Jeffrey Puglisi, Daniel Sullivan, Tracy Ann Valenzuela and Christopher Quang Vo.

Anonymous hackers plead guilty to 2010 PayPal cyberattack

posted on December 9, 2013
by l33tdawg

Thirteen people have pleaded guilty to charges they were involved in a 2010 cyberattack on PayPal for the eBay unit's refusal to process payments for WikiLeaks.

The hacktivist collective claimed responsibility for engineering the December 2010 distributed-denial-of-service attack in retaliation for the online payment processing company's suspension of an account linked to WikiLeaks after the document-leaking organization released a large number of classified documents.

Israeli 'good guy' hacker feted by PayPal

posted on September 19, 2013
by l33tdawg

In the hacking world, it takes one to know one. For many corporations, the best defense against hackers is to actually hire a hacker and pay him or her to break into their sites or databases and expose weaknesses in a benign manner. There aren’t that many “white hat” hackers out there, and one of the most in-demand of these hackers is Israeli Shai Rod.

Now, add another feather to Rod’s cap. He was named one of the top ten hackers who have helped PayPal make its site more secure, with his name tacked onto PayPal’s virtual Wall of Fame.

More Singaporean PayPal users fall victim to hackers

posted on May 27, 2013
by l33tdawg

Hackers stole from many PayPal accounts in Singapore in the past two months, highlighting the need for a higher level of security for accessing online accounts.

The losses range from $50 to more than $3,000, with many victims saying this was the first time it had happened to them.

End of the line for online passwords, says PayPal

posted on February 28, 2013
by l33tdawg

If you run into problems trying to remember a password on your mobile or computer when trying to buy something, then things could be about to get easier.

The days of the lowly password are numbered.

The fact is that the way we users typically deal with having multiple passwords for our online accounts makes us too vulnerable to spyware, phishing and identity theft. Many of us rely on the same password, while many more of us only use three or four passwords. Ideally, the best password would be something like Az1f6&jWz - but you'd never remember it.