Over the past few weeks, PayPal has been hit with several cybersecurity incidents, including an authentication hack earlier this month in which an attacker could access an account once credentials had been phished, effectively bypassing the online payment giant’s authentication. Now, a new security report claims that PayPal’s entire authentication process can be bypassed through stolen credentials, which are available for purchase on the dark web for as little as $1.50. The report was published by CyberNews.
CyberNews stated that the findings within the report were not taken seriously by PayPal of the team at HackerOne who assesses similar reports. CyberNews reported that they discovered six vulnerabilities in PayPal’s systems, ranging from high-risk exploits that allow an attacker to bypass two-factor authentication, to being able to send malicious code through the platform’s SmartChat system. CyberNews claims they were met with unresponsive staff and a lack of appreciation when reporting the findings to PayPal.
Read More: PayPal ‘Critical’ Login Hack: New Report Warns You Are Now At Risk From Thieves
