AfterDawn: Tech news

PayPal pays $10,000 to discoverer of massive security flaw (+video)

Written by James Delahunty @ 07 Dec 2014 7:57 User comments (4)

PayPal pays $10,000 to discoverer of massive security flaw (+video)

An Egyptian security researcher has scooped the top payout for security bugs from PayPal for discovering a massive security flaw that exposed the accounts of over 150 million users.
Yasser Ali was able to get around PayPal's CSRF Prevention System and capture an authentication token that could be used to effect a customer's PayPal account. You could add, remove or confirm e-mail addresses, add fully privileged users to a business account, change security questions, billing info, shipping info, payment methods and so on.

He disclosed the bug to PayPal and received the firms top award incentive for bug hunters, pocketing $10,000 for his work.

He also detailed how he beat PayPal's security systems on his blog, and provided this proof of concept video.





Via: Spohos (Naked Security)

Tags: PayPal
Previous Next  

4 user comments

18.12.2014 08:49

bloody hell! just shut the internet down for good already!

28.12.2014 14:30

Hi James, Evelyn here with PayPal. Any chance you can share your email address?

38.12.2014 14:46

Thank God for no-life losers that hack this crap morning, noon and night. To have honestly caught this, you'd have to eat, breathe, see, and think ones and zeros and likely don't have much of a life outside of the keyboard and mouse.

I am grateful though.

49.12.2014 14:48

they should've added another '0' onto that amount.

Comments have been disabled for this article.

Latest news

Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets (06 Jun 2023 9:19)
Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
Neato, the robot vacuum company, ends its operations Neato, the robot vacuum company, ends its operations (02 May 2023 3:38)
Neato Robotics has ceased its operations. American robot vacuum pioneer founded in 2005 has finally called it quits and company will cease its operations and sales. Only a skeleton crew will remain who will keep the servers running until 2028.
5 user comments
How to Send Messages to Yourself on WhatsApp How to Send Messages to Yourself on WhatsApp (20 Mar 2023 1:25)
The world's most popular messaging platform, Meta-owned WhatsApp has enabled sending messages to yourself. While at first, this might seem like an odd feature, it can be very useful in a lot of situations. ....
18 user comments
How to Enable Bluetooth on Stadia Controller How to Enable Bluetooth on Stadia Controller (11 Feb 2023 1:04)
Google shut down its streaming game service Stadia late last month and this means that some people have Stadia controllers lying around that seem to be of no use. That is fortunately not the ....
2 user comments
Guide: How to Kick Unwanted Guests from Your Netflix Account Guide: How to Kick Unwanted Guests from Your Netflix Account (26 Jan 2023 2:14)
Sharing a Netflix account with a person in a different location is possible and indeed very common, although the company doesn't necessarily enjoy this behavior from their customers. However, ....

News archive