Showing results for 
Search instead for 
Did you mean: 

bypassing 2-step authentication security protocol

New Community Member

bypassing 2-step authentication security protocol

Hello everybody, as per title says, I encountered a very nasty thing today, basically somebody avoided somehow the 2-step authentication system, logged into my account, added a second phone number and after he/she start scooping out money. Luckily it didn't took too much to be notified through emails about the fact I'm successfully paying random dudes on internet, open a case and PayPal blocked all transactions and refund them.


What I've done so far, I've changed the password, denied the browser to store it anymore, eliminated from the key-chain. 


Question is, where is the weak link, how was possible for somebody to avoid 2 step authentication as the password is not enough anymore to log into your account, the phone requires my fingerprint to do anything and laptop is running a virus free Linux? 


Any idea or suggestion will be much appreciated.


Have a lovely Easter, everyone.