PayPal's 2-Factor Authentication Easily Bypassed By Teen Security Researcher

Advertisement
By NDTV Correspondent | Updated: 6 August 2014 11:24 IST
A 17-year-old Australian security researcher has published information describing a shockingly simple way to bypass PayPal's two-factor authentication process for user account credentials. PayPal has often been targeted by criminals and fraudsters, but this particular flaw appears to be a glaring oversight on the part of the company itself and its parent company, eBay Inc.

The teen, Joshua Rogers, had originally discovered the problem in early June and had notified PayPal of the problem. He has now gone public after having received no satisfactory response from the company since then, with a blog post and even a video demonstrating the process.

The flaw arises thanks to a feature of eBay and PayPal that allows accounts on both sites to be linked in order to facilitate incoming and outgoing payments. Anyone with malicious intent could trick eBay into setting a cookie that flags users as already logged in. This indicates to PayPal that it does not need to put users through a verification process when they visit the site directly.

According to Rogers, an eBay account isn't even necessary once you have a specific URL string which sets the two-factor flag.

Two-factor authentication requires users to provide not only a username and password, but also a second tier of credentials before they are allowed access to a website or online service. The second credential is often in the form of a one-time code generated on the spot and sent to the user's pre-registered mobile phone or another offline physical token. In this way, a person trying to access the service can be determined to both know something and have something that only he or she should know and have.

The flaw only removes the second layer of authentication. Attackers still need to be in possession of the primary password. Common criminal tools such as Trojans and keyloggers are frequently used to amass such credentials, which is why two-factor authentication is often considered a necessity.

This is not the first time PayPal's security has been the subject of scrutiny. The service is a particularly high-profile target for attackers considering it is used to store large amounts of money.
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Internet, Joshua Rogers, PayPal, eBay, security
Xolo A550s IPS With 4-Inch Display Now Available Online at Rs. 5,599
Apple App Store Achieves Record-Setting Revenues in July
Advertisement

Related Stories

Bank of Baroda Mini Statement: How to Get Mini Statement Using Different Methods Online
13 February 2026
SpaceX Launches 29 Starlink Satellites on Falcon 9 in Early-Morning Florida Liftoff
5 January 2026
Google and ChatGPT Remain the Most Popular Services as Internet Traffic Grows by 19 Percent: Cloudflare
16 December 2025
Clocks on Mars Run Faster Than on Earth, New Study Finds
15 December 2025
Starlink Executive Clarifies: India Pricing Was a 'Glitch', Still Awaiting Launch Approval
9 December 2025
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Xiaomi 17 Series Leak Hints at Imminent Launch Ahead of MWC at These Prices
  2. Vivo X300 FE Reportedly Bags IMDA and TUV Certifications Ahead of Launch
  3. AI Impact Summit: From Registration to Schedule, All You Need to Know
  4. Samsung Galaxy S26+ Reportedly Listed for Sale Online Ahead of Launch
  5. Oppo Find X10 Series Could Debut This Year With This iPhone-Like Feature
  6. Tecno Spark 50 4G Launch Timeline, Design, Colourways, Key Features Leaked
  7. PS6 Could Reportedly be Delayed to 2029 Due to RAM Shortage
  8. Lava Bold N2 Will Be Launched in India on This Date: See Expected Specs
  9. iPhone 18 Series May Arrive Without a Physical SIM Slot in This Region
  10. Deals on iPhone 17, Google Pixel 10 and More During Flipkart Sale
#Latest Stories
  1. Sony Could Reportedly Delay PS6 to as Late as 2029 Due to RAM Shortage
  2. iPhone 18 Series to Drop SIM Card Slot in Europe to Make Room for Slightly Larger Battery: Report
  3. Poco X8 Pro Spotted on Geekbench With MediaTek Dimensity 8500 Ultra SoC, Android 16
  4. Xiaomi 17, Xiaomi 17 Ultra Global Price Details, Launch Date and Colour Options Leaked
  5. X Building Smart 'Cashtags' to Let Users Check Cryptocurrency Prices in Real-Time
  6. Samsung Galaxy A27 5G Listing on IMEI Database Suggests a Galaxy A26 Successor Is on the Way
  7. Anthropic Inaugurates First Indian Office in Bengaluru, Starts Hiring Local Talent
  8. Apple Tipped to Adopt Samsung's Privacy Display Technology for MacBook Models by 2029
  9. Oppo Find X10 Series Tipped to Launch in H2 2026 With Built-In Magnets for Wireless Charging
  10. AMD and TCS to Co-Develop Helios AI Data Centre Architecture, Deliver 200MW Data Centre Blueprint
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.