PayPal Accounts Hacked Twice; Cybersecurity Expert's Own Profiles Compromised!

PayPal accounts are not entirely secured. With the well known Cybersecurity expert's own account being hacked, it is evident that PayPal accounts are not entirely secured and chances are that accounts could be hijacked.

As cited by BGR, The renowned cybersecurity expert Brian Krebs has discovered this flaw after encountering the situation of his own PayPal account being hacked (Twice) even after trying to gain access to it. Though he himself had been a target of hackers who hate how he exposes their work, the fact that his own account was broken into indicates that nobody Is safe, irrespective of how tech-savvy they were. PayPal's security was blamed in this respect.

"On Christmas Eve morning, I received an email from PayPal stating that an email address had been added to my account. I immediately logged into my account from a pristine computer, changed the password, switched my email address back to the primary contact address, and deleted the rogue email account", Said Krebs, "I then called PayPal and asked how the perpetrator had gotten in, and was there anything else they could do to prevent this from happening again?"

"The customer service person at PayPal said the attacker had simply logged in with my username and password, and that I had done everything I could in response to the attack," he added. "The representative assured me they would monitor the account for suspicious activity, and that I should rest easy."

He added that he went out momentarily and when he returned, the same email has been added back to his account.

"Twenty minutes later I was outside exercising in the unseasonably warm weather when I stopped briefly to check email again: Sure enough, the very same rogue email address had been added back to my account," he said. "But by the time I got back home to a computer, my email address had been removed, and my password had been changed. So much for PayPal's supposed 'monitoring;' the company couldn't even spot the same fraudulent email address when it was added a second time".

Another point to be noted is that hijackers probably used the information about Krebs that's available publically to engineer this hack, so that chances are it wouldn't happen to other regular users, assuming their personal data like security numbers and credit cards aren't out in the public. Isn't it the company's job to ensure security?

Looks like the hackers didn't use any Malware or advanced virus software to steal Krebs' PayPal account and Password. They simply called in, offered the SSN and the four digits of an old credit card and got the information.

According to TECHSPOT, the company locked the account when the assailant attempted to send money to the email account of a hacker "Junaid Hussain", believed to have been a prominent ISIS propagandist.

The entire incident doesn't reflect well on PayPal, with a cybersecurity expert's own Hacked account.