Hackers managed to find a security loophole in the cooperation of Google Pay with the online bank PayPal and use it to buy products by charging unauthorized accounts internet banking.
Since last Friday, some users have reported seeing mysterious transactions appear in PayPal transaction history coming from their Google Pay account.
These problems have been reported in many websites, such as the PayPal forums [1, 2, 3, 4, 5, 6, 7], on Reddit [1, 2], on Twitter, [1, 2], and in the Google Pay support forums at Germany and Russia [1, 2, 3, 4, 5, 6, 7, 8, 9, 10].
Victims report that hackers are using their Google Pay accounts to purchase products with linked PayPal accounts. According to the screenshots που υπάρχουν παραπάνω, οι περισσότερες από τις συναλλαγές πραγματοποιήθηκαν από online stores of the United States and especially from Target stores.
Most of the victims appear to be German users.
The estimated losses amount to tens of thousands of euros, based on the above publications, since some transactions exceed 1.000 euros.
At the moment, PayPal is not aware of the security loophole exploited by hackers, but as he told ZDNet, they are reportedly investigating the matter.
"The security of our customers' accounts is a top priority for the company. We review and evaluate all information and will take the appropriate action we deem necessary to proceed protection of our customers".