PayPal’s security ‘flawed’
A security flaw in the online payment service PayPal means sensitive information is at risk and customers could lose control of their accounts, according to an Auckland software developer.
Ewart MacLucas says the flaw means customers who have not registered a credit card or bank account to their PayPal account need only supply a street address or phone number to change their password information that can be easily obtained by others.
Once an account is accessed, people can see details of financial transactions and change account settings so a customer could be locked out of their own account, he says.
PayPal spokeswoman Kelly Stevens confirmed that for PayPal accounts not tied to a credit card or bank account and which have "little to no remaining balance", customers can reset their password by providing "personal information like a phone number and street address".
"This does not put account holders at risk of disclosing sensitive personal or financial account information that can be used to steal their money, so we do not see this as a significant threat.
"It’s important to note that for PayPal accounts that have bank accounts, credit cards or cash balances tied to them, the password reset process is much more sophisticated."
more.. link to news article
