HACKER Q&A
📣 instance

PayPal 2-factor utterly broken?


Is it just me?

I just lost our paypal account for my company just by deleting an old phone number in the settings and adding a new one. After logging out there is no way to log back in, they refer me to their hotline.

A similar thing happened years ago when they introduced 2-factor, I never got that account back since I simply couldn't get through on their hotline. I had a private account with an old number, they introduced 2-factor and I missed their emails about it, and when I tried to login later, I was basically locked out.

Honestly we don't need Paypal in my company. So I guess I will heavily advocate against it in any companies I own or work in going forward.

  👤 ivm Accepted Answer ✓
PayPal appears to be in a horrible state: I just got $3k stolen, probably via their SMS-based(!!) login[1] I had no idea about. I had 2FA disabled because it doesn't work in Safari which also means iOS app is unusable.

But after I detected the first unauthorized withdrawal of $1.5k and enabled 2FA, the hacker still was able to make the second one a couple of days later! I'm appalled by the abysmal level of their security.

[1]: https://www.paypal-community.com/t5/Managing-Account/How-do-...

👤 lioeters
Yup, same thing happened to me, locked out of PayPal thanks to their broken 2-factor. I can change my password but can't log in because they have my old number on file. I heard there's a class action suit of people whose money is being held hostage in similar ways. I'm telling everyone I know to avoid using them for personal or especially business purpose. If you must use PayPal, do not leave any money in there for long because you can lose access at any time due to their incompetence.