PayPal Vulnerability with Login Patched After Being Discovered by White-Hat Hacker

January 16, 2020

A PayPal vulnerability in the login system was recently discovered by a white-hat hacker, allowing the company to create a patch for the problem. When we picture highly-skilled hackers at work, we might think of darkened rooms and faces peering out of black hoodies, lit by the glow of several computer monitors. At least, that is how Hollywood portrays these criminal masterminds who can break into a secure network from anywhere in the world and cause harm.

Fortunately, that is not often the reality. In fact, a number of hackers—the so-called “white-hat hackers”—like to sift around in a major company’s security defenses just to see what they can find. The company might pay them handsomely as a reward.

That was the case with a recently patched login vulnerability at PayPal. A hacker, Alex Birsan, discovered that the JavaScript in the login page could potentially allow unauthorized outsiders to access accounts. He then reported the issue to PayPal and publicly disclosed it, for which he received over $15,000 from the company.

The method involved in accessing an account without authorization is so roundabout that PayPal has no reason to think anyone actually accomplished it. According to the company, for the PayPal vulnerability to be exploited, an unsuspecting user would have had to go to PayPal by first clicking a button on a malicious website and then enter their credentials. Then a hacker would have had to access the Google CAPTCHA that verifies the users’ identities on certain accounts. Still, there is no reason to leave a vulnerability unchecked, and PayPal created a patch for it.

While PayPal users do not have to do anything to install this patch—since the issue was with PayPal’s own site, not downloaded user software—this is a good reminder that any time a vulnerability is discovered and a patch is issued, that patch will not be useful unless it is implemented. If the PayPal vulnerability had involved user software or apps, you would not be protected if you had not installed the latest update.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.
