Tuesday, December 29, 2015

Yet another reason to never use PayPal

No comments:
I have always hated eBay/PayPal corporation because of their brain-dead approach to security. I drop-kicked them to the curb over 2 years ago because they wanted me to prove my identity (simply because they didn't like the company hosting my e-mail address) using more documentation than the bank required when I got my mortgage.

Well, just in case you didn't think that mattered, security researcher Brian Krebs just reported that his account was hacked - twice in one day - by a hacker with likely ties to terrorism using nothing more than a phone call to customer support and publicly available information (like a social security number and an old credit card number.)

PayPal's official response to this was that they couldn't do anything to prevent it. But they could require Mr. Krebs to send over copies of lots of sensitive ID documents in order to try and get his account back.

It's slim comfort to know that I'm still right about how PayPal is run by a gang of mindless jerks. They make it trivially easy for a hacker to steal your account, but they make it insanely difficult for the legitimate account owner to get his access back.

Am I the only one who thinks it couldn't be worse if it was run by the criminal syndicates themselves? And based on everything I read, I'm not so sure they're not.

Read the rest of the story: 2016 Reality: Lazy Authentication Still the Norm