Reply to post: The Hackers Were Brian Krebs More Easily Than I Was Myself...

Brian Krebs criticises PayPal’s security as authentication flaws exposed

DerekCurrie
WTF?

The Hackers Were Brian Krebs More Easily Than I Was Myself...

Early in December, while using a VPN client, I attempted to buy some software over the Internet while using an exit node located in another country. The location of the exit node led my attempt to use PayPal into a black hole. It refused to work properly. I ended up buying the software via a credit card instead.

Over the course of two attempts to sort out the lockout from my account via phone reps at PayPal, I ran into incessantly hellish interrogation, including not just Brian's questions, but obscure questions with answers 'collected from the Internet' that I literally could not answer, they were so outrageously obscure. My second attempt to battle through their phone system led me up FIVE (5) levels of tech support until I finally got a very kind and coherent fellow who, at long bloody last, knew exactly what had happened, why it had happened, and was able to repair the situation.

IOW: My impression was that using even straight, honest, 'yes this is damned well ME!' attempts to access my own PayPal account was utterly futile until I was furious enough to want to yell into the phone for supervisor after supervisor after supervisor. If these hackers got away with merely answering four digits of both a social security number and credit card (which I too was asked at level 1 of PayPal support), some phone representative NOT following the PayPal protocols I encountered EARLIER in December was being incredibly lazy on the phone.

Conclusion: Bravo to PayPal for having beyond-sane stringent rules for resetting accounts. BOO to PayPal for obviously NOT making this the case across their entire phone rep bank. A phone rep at PayPal is, from my evidence, to blame for falling for the social engineering while ignoring PayPal protocols.

:-Derek Currie


Biting the hand that feeds IT © 1998–2021