
PayPal helpfully disables two-factor authentication via Twitter DM

Discussion in 'CSO' started by RSS, Sep 11, 2015.

  1. RSS

    RSS New Member Member

    In screenshots posted to Imgur, a PayPal user who was having problems accessing their account had received assistance from support representatives via direct message on Twitter.

    However, while social media as a support system isn't at all uncommon, the solution to the account access issue is a serious problem – Twitter's support staff disabled multi-factor authentication during the DM conversation.

    What's more, the level of authentication required consisted of the account email address, and nothing more.

    The full Imgur post is here.

    Below, the images show the reset and the fallout after, including a rejected bug bounty notice, as Social Engineering isn't considered a flaw that's worthy of a reward.
