An Interest In:
Web News this Week
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
- March 26, 2024
Some of Our Sources
- BoingBoing
- Engadget
- TutsPlus - Code
- Six Revisions
- Creative Curio
- Inspiredology
- My Ink Blog
- Web Design Ledger
- Stylized Web
- TechPowerUp
Help Webnuz
Referal links:
April 6, 2020 06:55 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fJbK4h1lfB0/paypal-and-venmo-are-letting-sim-swappers-hijack-accounts
PayPal and Venmo Are Letting SIM Swappers Hijack Accounts
An anonymous reader quotes a report from Motherboard: Several major apps and websites, such as Paypal and Venmo have a flaw that lets hackers easily take over users' accounts once they have taken control of the victim's phone number. Earlier this year, researchers at Princeton University found 17 major companies, among them Amazon, Paypal, Venmo, Blizzard, Adobe, eBay, Snapchat, and Yahoo, allowed users to reset their passwords via text message sent to a phone number associated with their accounts. This means that if a hacker takes control of a victim's cellphone number via a common and tragically easy to perform hack known as SIM swapping, they can then hack into the victim's online accounts with these apps and websites. Last week, two months after their initial outreach to the companies to report this flaw in their authentication mechanisms, the Princeton researchers checked again to see if the companies had fixed the problem. Some, including Adobe, Blizzard, Ebay, Microsoft, and Snapchat, have plugged the hole. Others have yet to do it. Paypal and Venmo, given that they are apps that allow users to exchange money and are linked to bank accounts or credit cards, may be the most glaring examples. Motherboard verified this week that it's possible to reset passwords on Paypal and Venmo via text message. Fear not, there is a solution. "The easiest way to make it impossible for SIM swappers to take over your accounts after they hijack your number is to unlink your phone number with those accounts, and use a VoIP number -- such as Google Voice, Skype, or another -- instead," reports Motherboard. "Google Voice numbers, given that they're not actually linked to a real SIM card, are much harder to hijack."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/fJbK4h1lfB0/paypal-and-venmo-are-letting-sim-swappers-hijack-accounts
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot