A number of PayPal users lost some money over the weekend and this might be the how it happened.

PayPal users must have been apprised by the news that some accounts were hacked just some few days past. And the funds stolen by the intruders were used to gift themselves some merchandise primarily from American stores. The hack took advantage of the PayPal and the Google pay integration that was apparently not secured robustly and may have been overlooked by PayPal.

The mysterious action mostly appeared to affect users in Germany but was also reported across different platforms.  According to details that have since emerged, only accounts that are linked to Google Pay were affected and funds lost are reported to be in the range of thousands of Euros, although the actual figure is not out yet.

Moreover, PayPal has recently fixed the issue giving a sense of relief to PayPal users worldwide. However, security researchers have detailed what could have transpired and argue that some security flaws were reported as early as February 2019 but PayPal didn’t put much attention to the alarm.

According to some theories, since PayPal does not allow contactless payments via Google pay, intruders can use their skills to read card details (the integration is accompanied by a virtual card issued by PayPal ) from mobile, that is if the mobile device is enabled. No authorisation is required. Furthermore it argues that card details could have been obtained through guesswork, reading card details from a user device (someone close to you) or using hacking tools through malware in a target’s device. In this case, the CVC is not needed.

But since the issue has been fixed it is not worth it to be worried at all.