Andorra Warns of WhatsApp-Signal PIN Scam and PayPal Data Leak
Andorra's cybersecurity agency alerts users to phishing attacks hijacking messaging accounts via SMS codes, alongside PayPal's disclosure of exposed.
Key Points
- Phishing scam uses compromised accounts to request SMS PINs from contacts, mainly Spanish numbers.
- Sharing the PIN gives the attacker instant control of the account; verify any such request through another channel.
- PayPal loan service leak (Jul-Dec 2025) exposed names, SSNs, addresses for ~100 clients.
- PayPal reimbursed unauthorized transactions and offers 2 years free credit monitoring.
**Andorra's National Cybersecurity Agency warns of WhatsApp and Signal account takeover scam**
The Agència Nacional de Ciberseguretat d’Andorra (ANC-AD) issued an alert over the weekend about a phishing scam targeting WhatsApp and Signal users. The fraud involves messages appearing to come from known contacts, typically starting with a simple "Hola" and followed by a request to forward a verification PIN received via SMS.
According to the ANC-AD's post on X, scammers exploit compromised accounts to send these messages, mainly to users with Spanish phone numbers. Victims who share the code—believing it was sent to them by mistake—hand over control of their account within seconds. Attackers then access chats and history, impersonating the victim to target their contacts.
The agency urges users never to reply to such requests and instead contact the supposed sender directly through another channel to check for compromise. If a code has already been shared, it advises immediate action to recover the account and strengthen security. Preventive steps include enabling Signal's Registration Lock, setting a WhatsApp verification PIN, reviewing linked devices, and removing any unfamiliar connections.
**PayPal discloses six-month data exposure in loan service**
In a related update, the ANC-AD noted PayPal's confirmation of a data leak affecting its Working Capital loan service. The issue stemmed from a code change on 1 July 2025 that exposed sensitive user details until it was fixed on 12 December 2025.
PayPal stated the breach did not impact its core systems but left loan application data vulnerable to unauthorised access. Potentially exposed information included full names, dates of birth, Social Security numbers, business addresses, email addresses, and phone numbers. The company estimates around 100 clients were affected.
Notifications went out to those affected on 10 February 2026, and their passwords were reset so that a new one must be set at next login. PayPal reported some unauthorised transactions, which it has reimbursed, and is providing two years of free credit monitoring via Equifax.
This follows other PayPal security issues, including a 2025 black-market sale of over 15.8 million records and a January 2026 invoicing vulnerability enabling fake payment requests.
Original Sources
This article was aggregated from the following Catalan-language sources: