Skip to main content
Google Pay programm beenden java users could be programm beenden java left programm beenden java out of pocket programm beenden java by PayPal programm beenden java fraud bug
Headquarters
(Image credit: PayPal)

Criminals have programm beenden java taken advantage of a bug programm beenden java in PayPal's Google programm beenden java Pay integration to execute unauthorized programm beenden java transactions.

Users programm beenden java on PayPal's programm beenden java forums, Reddit, programm beenden java Twitter and Google programm beenden java Pay's Russian and German support forums have programm beenden java all reported programm beenden java seeing mysterious programm beenden java transactions show programm beenden java up in their PayPal history which programm beenden java originated from programm beenden java their Google Pay accounts.

According to programm beenden java the victims, hackers abused their programm beenden java Google Pay programm beenden java accounts to buy products using programm beenden java linked PayPal accounts. Most of programm beenden java the illegal transactions that have occurred programm beenden java so far have taken place at stores programm beenden java in the programm beenden java US with a programm beenden java number of programm beenden java them programm beenden java happening at Target stores across programm beenden java New York. As programm beenden java of now, programm beenden java most programm beenden java of programm beenden java the programm beenden java victims appear to be German users.

Based on programm beenden java public programm beenden java reports, the damages programm beenden java from programm beenden java these fraudulent programm beenden java transactions are in the programm beenden java tens of thousands programm beenden java of euros range programm beenden java and programm beenden java some of them even programm beenden java go over 1,000 euros.

Possible explanation

The German programm beenden java security programm beenden java researcher Markus Fenske programm beenden java believes that the recent string programm beenden java of illegal transactions appear programm beenden java to be programm beenden java similar to a bug programm beenden java that he programm beenden java and programm beenden java fellow security researcher Andreas Mayer programm beenden java reported to PayPal programm beenden java in programm beenden java February programm beenden java of last year.

According to programm beenden java Fenske, the bug he programm beenden java discovered has to do with programm beenden java the fact that programm beenden java when you link programm beenden java a PayPal account to a Google Pay programm beenden java account, PayPal creates programm beenden java a virtual card programm beenden java with its own card number, expiration date and programm beenden java CVC. When Google programm beenden java Pay users make programm beenden java contactless payments using funds from their programm beenden java PayPal accounts, these transactions programm beenden java are programm beenden java charged using this virtual card.

Fenske programm beenden java believes that hackers have discovered programm beenden java a way to figure out the details of programm beenden java these “virtual programm beenden java cards” and they are programm beenden java now programm beenden java using them to carry programm beenden java out unauthorized programm beenden java transactions at US stores. However, Fenske's programm beenden java theory is programm beenden java just that programm beenden java as programm beenden java he and Mayer programm beenden java are programm beenden java just guessing as programm beenden java to the programm beenden java real cause programm beenden java of these programm beenden java attacks.

PayPal's security team carried programm beenden java out an investigation into programm beenden java the matter and programm beenden java according to the online payments programm beenden java giant, they have addressed the programm beenden java issue programm beenden java which was being exploited but programm beenden java it programm beenden java is still worth checking your PayPal programm beenden java statements for programm beenden java any programm beenden java irregularities.

Via ZDNet