PayPal's Vulnerability Exposes Security Gap

Updated by Chris Vale on

Major companies have been on the alert this year following the high-profile data breaches of several well-known companies, including Target and PF Chang's. Target's data breach, which affected 70 million customers in total, cost the company millions of dollars, as well as the value of consumer trust. Could trusted commerce website PayPal be potentially under fire, as well?

Several weeks ago, researchers working at Duo Labs identified a vulnerability in PayPal's mobile security mechanism. Its two-factor authentication system is supposed to provide an extra layer of protection, combining something the user knows (their credentials) with something they have (a mobile device). After the user enters their credentials, a one-time code is sent to the user's mobile device to confirm identity. However, Duo Labs found that they could trick the mobile app into ignoring the second authentication step.

On the positive side, the discovery only signals that there is a known flaw currently in PayPal's security -- not that customer information has actually been compromised as a result. The flaw is a big warning signal, though, for all companies that believe they might be immune to system vulnerabilities. PayPal, for its part, released a statement assuring customers that their website remains secure.

"PayPal does not depend on [two-factor authentication] to keep accounts secure," said the statement. "We have extensive fraud and risk detection models and dedicated security teams that work to help keep our customers' accounts secure from fraudulent transactions, every day."

Many consumers and businesses alike will probably be wary after this incident, especially considering that PayPal parent company eBay dealt with a non-financial data privacy breach just last month. Does your company use data loss prevention and secure mobile file transfer solutions in order to mitigate potential risks?