you another way and then add your new phone number to your account.

Contact options for Paypal at the moment are accessed by clicking help/contact bottom left of Paypal pages.

1. If that does not work then you would need to contact customer services so that they can i.d. Changing the password a few times sometimes works as it can bypass the phone verification. Trying again another day when sometimes you can get in without doing the verification and then change the number.

5. Trying another browser that may let you in without phone verification (then change it when you have logged in).

4. This article originally appeared on the Lumension blog.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Downloading the app to see if it will let you in to change / update it in the settings.

3. What do you think of this issue? Was Duo Security right to publicise the flaw? Has PayPal dropped the ball when it comes to implementing two-factor authentication? Leave a comment below sharing your thoughts.

PayPal, owned by online auction giant eBay, was reported by The Guardian as saying that “all PayPal accounts remain secure”, but that they have taken action to mitigate the issue:

As a precaution we have disabled the ability for customers who have selected 2FA to log in to their PayPal account on the PayPal mobile app and on certain other mobile apps until an identified fix can be implemented in the next few weeks.

eBay, of course, has had its own security headaches this year. That’s another reason why it’s so important to use a unique, hard-to-crack password for every website that you access, as well as being on your guard from phishing attacks and keylogging spyware. Of course, the 2FA workaround can’t be put into play by hackers if they don’t know your PayPal password.
It appears to me that PayPal made it much too easy for fraudsters to trick PayPal into believing a user had not enabled two-factor authentication, even when they had.

And, the implication is that the flaw in PayPal’s systems may have been present since the firm launched its first mobile app way back in 2008. Views may differ as to whether Duo was right to go public about the flaw when it did, but now the news is out. There then followed a fair amount of back-and-forth between the companies, with Duo seemingly frustrated at slow response from PayPal, and PayPal requesting that Duo delayed its public disclosure of the flaw. Saltman informed PayPal’s security team about the bug back in March, but after receiving a lack of response turned to Duo – specialists in two-factor authentication – to see if they could confirm the security flaw and leverage any contacts they had inside PayPal.

Duo Security, who publicised the flaw, claims that the “shoddy” vulnerability lies primarily in the authentication flow for the PayPal API web service - an API used by PayPal’s official mobile applications, as well as numerous third-party merchants and apps - and also partially in the official iOS and Android mobile apps themselves.

Duo’s blog post goes into much more detail, and shows that the problem was initially discovered by Dan Saltman of.