Flaw Found in PayPal’s Authentication Process

July 1, 2014, Written By Bill Hardekopf
Paypal

PayPal is one of the most trusted online payment processors, but a flaw was recently discovered in its two-factor authentication process. PayPal asserts that no account information was revealed during the breach, and they are now aware of vulnerability in their system that they will have to address.

Researchers at Duo Labs in Michigan have identified a way to get past the authentication process in PayPal’s two-step security mechanism for mobile users. This mechanism requires a user to receive a code after entering their username and password that further verifies their identity. They use the code to log into their accounts. Duo Labs found that they could bypass the two part system by entering a username and password and then tricking the app into ignoring the second step.

“There are plenty of cases of PayPal passwords being compromised in giant database dumps, and there’s also been a giant rise in PayPal related phishing,” Zach Lanier, Duo Labs senior security researcher, told Thread Post.

The fact that PayPal could be compromised might put a strain on its reliability.

So far, no hackers have exploited the vulnerability, and PayPal is confident that its accounts remain secure.

In a statement, the company said, “PayPal does not depend on [two-factor authentication] to keep accounts secure. We have extensive fraud and risk detection models and dedicated security teams that work to help keep our customers’ accounts secure from fraudulent transactions, everyday.”



The information contained within this article was accurate as of July 1, 2014. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.