Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
When Sarah Luke found out her personal details had been shared on the dark web, she never imagined it would lead to two US court actions and a million-dollar damages bill.
i don’t think paypal did much wrong here: the 35k accounts wasn’t really their fault… their “breach” was credential stuffing: criminals trying usernames and passwords from other breaches… there’s not much they can do to fix that except enforce MFA (this is just 1 of many reasons it’s so important!)
i don’t think paypal did much wrong here: the 35k accounts wasn’t really their fault… their “breach” was credential stuffing: criminals trying usernames and passwords from other breaches… there’s not much they can do to fix that except enforce MFA (this is just 1 of many reasons it’s so important!)
Yes, optional MFA isn’t good enough for a regulated financial service. That should be mandatory.