
Researchers PayPal Hack Takes Over Accounts With Single Click


An Egyptian security researcher discovered a PayPal account hack that takes just one click. If you have a PayPal account, there's a 100% chance that you'll be changing your password after reading this post. You don't have to worry, though, because he shared his findings with PayPal, which has already implemented a fix. He also shared a proof-of-concept video on YouTube showing him tricking PayPal's servers into thinking he'd logged in as any user.

He achieved this by evading PayPal's security checks with a cross-site request forgery (CSRF) and a small Python script running on his own computer. PayPal offers security researchers a $10,000 bounty through its vulnerability reporting program, so Yasser Ali got more than a thank-you for his findings. Come to think of it, if he could find this loophole and report it, imagine what the bad guys know?

 

https://www.youtube.com/watch?v=KoFFayw58ZQ

 

Source: Yasser H. Ali