AfterDawn: Tech news

PayPal pays $10,000 to discoverer of massive security flaw (+video)

Written by James Delahunty @ 07 Dec 2014 7:57 User comments (4)

PayPal pays $10,000 to discoverer of massive security flaw (+video)

An Egyptian security researcher has scooped the top payout for security bugs from PayPal for discovering a massive security flaw that exposed the accounts of over 150 million users.
Yasser Ali was able to get around PayPal's CSRF Prevention System and capture an authentication token that could be used to effect a customer's PayPal account. You could add, remove or confirm e-mail addresses, add fully privileged users to a business account, change security questions, billing info, shipping info, payment methods and so on.

He disclosed the bug to PayPal and received the firms top award incentive for bug hunters, pocketing $10,000 for his work.

He also detailed how he beat PayPal's security systems on his blog, and provided this proof of concept video.





Via: Spohos (Naked Security)

Tags: PayPal
Previous Next  

4 user comments

18.12.2014 08:49

bloody hell! just shut the internet down for good already!

28.12.2014 14:30

Hi James, Evelyn here with PayPal. Any chance you can share your email address?

38.12.2014 14:46

Thank God for no-life losers that hack this crap morning, noon and night. To have honestly caught this, you'd have to eat, breathe, see, and think ones and zeros and likely don't have much of a life outside of the keyboard and mouse.

I am grateful though.

49.12.2014 14:48

they should've added another '0' onto that amount.

Comments have been disabled for this article.

News archive