undefined | Better HN

0 pointsThorrez3y ago0 comments

The author never says the full number is revealed. The author says the partial number is revealed.

0 comments

The article has been changed. The word partially was added in the sentence below after I commented.

> enter an email address to log into PayPal, an SMS is immediately sent and the phone number is partially revealed.

That said, below that it mentioned number guessing so I probably could have guessed that's what they'd meant to write.

Other parts still said partially though. Your comment was left at 4:40 UTC[1]. Here's a snapshot from 4:07 UTC[2]. It says

>PayPal helps them by partially revealing a significant portion of your phone number

>Remember Mat Honan, who’s digital life was destroyed when his iCloud account was wiped in a targeted attack? In that attack, the hacker used social engineering to obtain a partial credit card number from an Amazon employee which Apple then accepted as verification of identity. With PayPal no such social engineering is required; instead revealing half your phone number to anyone who merely enters your email address on the login screen.

>Of course, PayPal also allows users to log in by entering their phone number. Now armed with a partial, a bad actor needs only to enumerate the remaining digits to reveal your full phone number.

[1] https://hacker-news.firebaseio.com/v0/item/32615770.json

[2] https://web.archive.org/web/20220827040709/https://christian...

levymetal3y ago

OP here - yeah that's my bad - I never intended it to be interpreted as fully revealed but a sentence taken out of context can read that way, so I tweaked the article (as well as fixing a few spelling mistakes). Apologies for the confusion.

j / k navigate · click thread line to collapse