• PupBiru@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    i don’t think paypal did much wrong here: the 35k accounts wasn’t really their fault… their “breach” was credential stuffing: criminals trying usernames and passwords from other breaches… there’s not much they can do to fix that except enforce MFA (this is just 1 of many reasons it’s so important!)

    • shirroOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Yes, optional MFA isn’t good enough for a regulated financial service. That should be mandatory.