Monday, March 1, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

PayPal accounts are getting abused en-masse for unauthorized payments

February 25, 2020
in Internet Security
PayPal accounts are getting abused en-masse for unauthorized payments
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Hackers have found a bug in PayPal’s Google Pay integration and are now using it to buy products online and incur unauthorized charges to PayPal accounts.

Since last Friday, users have reported seeing mysterious transactions pop up in their PayPal history as originating from their Google Pay account.

You might also like

These four new hacking groups are targeting critical infrastructure, warns security company

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

Issues have been reported on numerous platforms, such as PayPal’s forums [1, 2, 3, 4, 5, 6, 7], Reddit [1, 2], Twitter, [1, 2], and Google Pay’s Russian and German support forums [1, 2, 3, 4, 5, 6, 7, 8, 9, 10].

Victims report that hackers are abusing their Google Pay accounts to buy products using linked PayPal accounts. According to screenshots and various testimonies, most of the illegal transactions are taking place at US shopping stores, and especially at Target stores.

Most of the victims appear to be German users.

Estimated damages are in the range of tens of thousands of euros, based on public reports. Some transactions go over €1,000.

What bug hackers are exploiting is not yet clear. PayPal told ZDNet they are investigating the issue. A Google spokesperson did not return a request for comment before this article’s publication.

A German security researcher has a theory

Today, on Twitter, a German security researcher named Markus Fenske claimed the illegal transactions that have been reported over the weekend appear to be similar to a bug he and fellow security researcher Andreas Mayer reported to PayPal in February 2019, but which PayPal did not prioritize to fix.

Fenske told ZDNet that the issue stems from the fact that when you link a PayPal account to a Google Pay account, PayPal creates a virtual card, complete with its own card number, expiration date, and CVC.

When a Google Pay user choose to make a contactless payment using funds from his PayPal account, the transaction is charged via this virtual card.

“If the virtual card was locked to POS transactions only, there would be no issue, but PayPal allows this virtual card to be used for online transactions,” Fenske told ZDNet today in an interview.

Fenske now believes hackers found a way to discover the details of these virtual cards and are using their details for unauthorized transactions online.

The researcher said there could be three ways in which an attacker could get a virtual card’s details. First, by reading the card details from a user’s phone/screen. Second, programmatically, by using malware that infected a user’s device. Third, by guessing it.

“It could be possible that the attacker just brute-forced the card number and the validity date, which is in a span of about a year or so,” Fenske said. ” That makes a rather small search space.”

“The CVC does not matter,” he added. “Any is accepted.”

PayPal is investigating

However, Fenske was the first one to tell ZDNet that he and Mayer are just guessing about the real cause of the attack — even if the details fit with the bug they reported last year.

On the other hand, PayPal’s security team began an investigation into the unauthorized transactions as soon as ZDNet reached out a few hours ago.

The PayPal staff is looking at different issues — including the attack scenario described by Fenske today, and his February 2019 bug report.

“The security of customer accounts is a top priority for the company,” a PayPal spokesperson told ZDNet. “We are reviewing and assessing this information and will take any appropriate actions that are deemed necessary to further protect our customers. “

h/t: Günter Born


Credit: Zdnet

Previous Post

Zion Williamson Could Surpass LeBron James If He Fixes These Three Things

Next Post

How Much Training Data is required for Chatbot Development?

Related Posts

These four new hacking groups are targeting critical infrastructure, warns security company
Internet Security

These four new hacking groups are targeting critical infrastructure, warns security company

February 28, 2021
Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill
Internet Security

Privacy Commissioner asks for clarity on minister’s powers in Critical Infrastructure Bill

February 28, 2021
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
Internet Security

TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit

February 28, 2021
Cybercrime groups are selling their hacking skills. Some countries are buying
Internet Security

Cybercrime groups are selling their hacking skills. Some countries are buying

February 28, 2021
Why would you ever trust Amazon’s Alexa after this?
Internet Security

Why would you ever trust Amazon’s Alexa after this?

February 28, 2021
Next Post
How Much Training Data is required for Chatbot Development?

How Much Training Data is required for Chatbot Development?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

The Bayesian vs frequentist approaches: implications for machine learning – Part two
Data Science

The Bayesian vs frequentist approaches: implications for machine learning – Part two

March 1, 2021
Google’s deep learning finds a critical path in AI chips
Machine Learning

Google’s deep learning finds a critical path in AI chips

March 1, 2021
9 Tips to Effectively Manage and Analyze Big Data in eLearning
Data Science

9 Tips to Effectively Manage and Analyze Big Data in eLearning

March 1, 2021
Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ
Machine Learning

Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ

March 1, 2021
The Future of AI in Insurance
Data Science

The Future of AI in Insurance

March 1, 2021
Machine Learning as a Service (MLaaS) Market Analysis Technological Innovation by Leading Industry Experts and Forecast to 2028 – The Daily Chronicle
Machine Learning

Machine Learning as a Service (MLaaS) Market Global Sales, Revenue, Price and Gross Margin Forecast To 2028 – The Bisouv Network

March 1, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • The Bayesian vs frequentist approaches: implications for machine learning – Part two March 1, 2021
  • Google’s deep learning finds a critical path in AI chips March 1, 2021
  • 9 Tips to Effectively Manage and Analyze Big Data in eLearning March 1, 2021
  • Machine Learning & Big Data Analytics Education Market 2021 Global Industry Size, Reviews, Segments, Revenue, and Forecast to 2027 – NeighborWebSJ March 1, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates