PayPal pays $10,000 to discoverer of massive security flaw (+video)

PayPal pays $10,000 to discoverer of massive security flaw (+video)
An Egyptian security researcher has scooped the top payout for security bugs from PayPal for discovering a massive security flaw that exposed the accounts of over 150 million users.

Yasser Ali was able to get around PayPal's CSRF Prevention System and capture an authentication token that could be used to effect a customer's PayPal account. You could add, remove or confirm e-mail addresses, add fully privileged users to a business account, change security questions, billing info, shipping info, payment methods and so on.

He disclosed the bug to PayPal and received the firms top award incentive for bug hunters, pocketing $10,000 for his work.

He also detailed how he beat PayPal's security systems on his blog, and provided this proof of concept video.

Via: Spohos (Naked Security)

Written by: James Delahunty @ 7 Dec 2014 7:57
Advertisement - News comments available below the ad
  • Dragon3000

    bloody hell! just shut the internet down for good already!

    ZX Spectrum 128K

    8.12.2014 08:49 #1

  • evelyn.tam

    Hi James, Evelyn here with PayPal. Any chance you can share your email address?

    8.12.2014 14:30 #2

  • hearme0

    Thank God for no-life losers that hack this crap morning, noon and night. To have honestly caught this, you'd have to eat, breathe, see, and think ones and zeros and likely don't have much of a life outside of the keyboard and mouse.

    I am grateful though.

    8.12.2014 14:46 #3

  • alotanor

    they should've added another '0' onto that amount.

    9.12.2014 14:48 #4

© 2023 AfterDawn Oy

Hosted by
Powered by UpCloud