When Sarah Luke found out her personal details had been shared on the dark web, she never imagined it would lead to two US court actions and a million-dollar damages bill.
I wonder if the government and ASIC shouldn’t take a closer look at PayPal as well. According to Ms Luke, her account was one of 35,000 PayPal accounts breached in an incident last year, and criminals used it to process thousands of transactions over a couple of days.
I don’t think PayPal did much wrong here: the 35k accounts weren’t really their fault… their “breach” was credential stuffing: criminals trying usernames and passwords from other breaches… there’s not much they can do to fix that except enforce MFA (this is just 1 of many reasons it’s so important!)
Yes, optional MFA isn’t good enough for a regulated financial service. That should be mandatory.