
Re: None

Sunday, 01/19/2020 1:12:33 PM

Post# of 248697
Paypal confirms users may have been affected by security breach

https://consumerandsociety.com/2020/01/14/paypal-confirms-users-may-have-been-affected-by-security-breach/

According to a report by a security analyst, Alex Birsan, PayPal has put user passwords at risk to hackers. PayPal has confirmed the claims and admitted that weaknesses in its security could have put users at risk in early December 2019.

The issue was disclosed last week, and Birsan, the researcher, was reportedly awarded $15,300 for discovering the issue. He said that he discovered the flaw in the site’s security when looking at the main authentication flow on the website itself.

He noticed that the JavaScript file on the website didn’t look right and contained what seemed like a cross-site request forgery (CSRF) token and a session ID. He noted that this means that revealing session data within a JavaScript file “usually allows it to be retrieved by attackers.”

In a public disclosure, he said that “This is the story of a high-severity bug affecting what is probably one of PayPal’s most visited pages.” Birsan says that there was a work-around to PayPal’s security measures that was easy to discover by hackers.

PayPal has since carried out its own investigations into the concerns. It says that “sensitive, unique tokens were being leaked in a JS file used by the recaptcha implementation.”

When using the site, in some cases, users are required to authenticate the page by solving a CAPTCHA challenge. If there are a number of failed attempts to log in, users may not be required to carry out the authentication challenge.

PayPal added that, in order for the security flaw to happen, users would have to follow a link from a malicious site and then be tricked into giving their login details and password. If they did this, hackers could obtain the information and complete the security test.

The company said in a statement, “This exposure only occurred if a user followed a login link from a malicious site, similar to a phishing page.”
==================================================================
5 reasons why Wave Knowd would be a great authentication solution for PayPal and its customers:

1. Wave and PayPal tested under NSTIC.

2. Wave Knowd would be simple to use and secure for PayPal and its customers.

3. CAPTCHAs would be a thing of the past.

4. PayPal would be uniquely and better protected vs. other 2FA products.

5. Occurrences like in the article above wouldn't happen if Wave Knowd became available.

Please see previous post for more information on Wave Knowd!!
