Hello everybody, as per title says, I encountered a very nasty thing today, basically somebody avoided somehow the 2-step authentication system, logged into my account, added a second phone number and after he/she start scooping out money. Luckily it didn't took too much to be notified through emails about the fact I'm successfully paying random dudes on internet, open a case and PayPal blocked all transactions and refund them.
What I've done so far, I've changed the password, denied the browser to store it anymore, eliminated from the key-chain.
Question is, where is the weak link, how was possible for somebody to avoid 2 step authentication as the password is not enough anymore to log into your account, the phone requires my fingerprint to do anything and laptop is running a virus free Linux?
Any idea or suggestion will be much appreciated.
Have a lovely Easter, everyone.
