Well, just in case you didn't think that mattered, security researcher Brian Krebs just reported that his account was hacked - twice in one day - by a hacker with likely ties to terrorism using nothing more than a phone call to customer support and publicly available information (like a social security number and an old credit card number.)
PayPal's official response to this was that they couldn't do anything to prevent it. But they could require Mr. Krebs to send over copies of lots of sensitive ID documents in order to try and get his account back.
It's slim comfort to know that I'm still right about how PayPal is run by a gang of mindless jerks. They make it trivially easy for a hacker to steal your account, but they make it insanely difficult for the legitimate account owner to get his access back.
Am I the only one who thinks it couldn't be worse if it was run by the criminal syndicates themselves? And based on everything I read, I'm not so sure they're not.
Read the rest of the story: 2016 Reality: Lazy Authentication Still the Norm
No comments:
Post a Comment