Brian Krebs' PayPal Account Compromised Again

The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang tied to the jihadist militant group ISIS. Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations — including many financial institutions — remain woefully behind the times in authenticating their customers and staying ahead of identity thieves.

[via Krebs on Security]

I consider myself a privacy and security wonk. I take the best measures that are readily accessible to secure my online presence. I use long pseudorandom passwords, I change most account passwords a few times a year, and I employ 2-Factor authentication whenever possible.

The bottom line is that no amount of good passwords and out-of-band security is a match for a determined hacker and poor company policies.

It never ceases to amaze me that financial institutions seem to be the worst offenders when it comes to data security. They are often susceptible to social engineering, they allow passwords to be brute-forcible by limiting password character lengths, and rarely offer any sort of 2-factor authentication.


Typed on Octopage

Dialogue & Discussion