Data exposure via one of PayPal's services
PayPal admits data exposure via PayPal Working Capital
For six months, personal data of PayPal Working Capital customers, including Social Security numbers, remained accessible to unauthorized third parties as a result of a simple software error. The incident illustrates how a technical flaw, even an unintentional one, can have very concrete consequences for users' lives.
Source: ZATAZ.COM
Facts: Six months of silent exposure
A faulty software change created a silent breach in PayPal's small business financing service.
This is not a classic attack. No hackers forced the front door. It is an access control error that left private data accessible to third parties for six months without anyone noticing.
High-risk data: why it's serious
Data exposed
- Last name and first name
- Email address
- Telephone number
- Business address
- Date of birth
- Social Security Number
Concrete risks to victims
Combined with a name, address and date of birth, the Social Security number forms a complete profile that can be exploited for:
- Identity theft — creation of false accounts
- Targeted social engineering — very personalized scams
- Ultra-precise phishing exploiting known information
- Fraudulent opening of credit lines
⚠️ PayPal acknowledges that some customers have experienced unauthorized transactions directly related to this incident and states that it has reimbursed them.
What to do? Lessons & good reflexes
Immediate actions for users
- Change your PayPal password and choose a strong, unique one.
- Enable 2FA (two-factor authentication) on your account.
- Watch your bank statements and PayPal transactions for any suspicious transaction.
- Beware of very personalized emails, SMS messages or calls in the next few weeks.
The cybersecurity lesson
This incident illustrates an often overlooked reality: most data leaks are not caused by sophisticated hackers, but by internal human or technical errors. A single poorly tested update can expose hundreds of people.
For businesses, this is a reminder of the importance of code reviews, pre-deployment security testing and continuous monitoring of access to sensitive data.

