Security expert Brian Krebs criticises PayPal after hack attempt

Brian Krebs is often under cyber attack as a campaigner and journalist reporting on hacks and the like. And his latest experience relates to his PayPal account.

Here’s what he says in an article about recent experiences: “My PayPal account was hacked on Christmas Eve. The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang tied to the jihadist militant group ISIS. Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations — including many financial institutions — remain woefully behind the times in authenticating their customers and staying ahead of identity thieves.”

Apparently, the hacker phoned PayPal and managed to add an email address to Krebs’s PayPal account using pretty basic information as authentication. Krebs then had to endure a real rigmarole when contacting PayPal to sort the problem out on Christmas Eve.

Obviously, most of us aren’t in the public eye to the same extent Krebs is but I really do encourage you all to read this article about PayPal’s security because if you were subject to such a problem as a seller, it represents genuine business risk that could cause havoc.

Amended to add:
PayPal have been in touch with this statement:

“The safety and security of our customers’ accounts, data and money is PayPal’s highest priority. Due to our privacy policies that protect our customers, PayPal does not publicly disclose details about our customers’ accounts or their specific cases. However, it appears that our standard procedures were not followed in this case. While the funds remained secure, we are sorry that this unacceptable situation arose and we are reviewing the matter in order to prevent it from happening again.”