PayPal and Venmo Are Letting SIM Swappers Hijack Accounts
Even after being warned by researchers, some companies still haven’t fixed systems that make it easy for hackers to take over accounts. Several major apps and websites, such as Paypal and Venmo have a flaw that lets hackers easily take over users’ accounts once they have taken control of the victim’s phone number. Earlier this year, researchers at Princeton University found 17 major companies, among them Amazon, Paypal, Venmo, Blizzard, Adobe, eBay, Snapchat, and Yahoo, allowed users to reset their passwords via text message sent to a phone number associated with their accounts.
This means that if a hacker takes control of a victim’s cellphone number via a common and tragically easy to perform hack known as SIM swapping, they can then hack into the victim’s online accounts with these apps and websites.