The Last HITB Security Conference in Malaysia

Hands-on Technical Trainings - 13th & 14th October

Triple-Track Conference - 15th & 16th October


Capture the Flag - 15th & 16th October

HackWEEKDAY - 15th & 16th October

CommSec Village - 15th & 16th October


PayPal security holes expose customer card data, personal details

Dangerous website flaws have been discovered in PayPal that grant attackers access to customer credit card data, account balances and purchase histories.

The holes — which still exist — were recently discovered by a security researcher.

One of the holes was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program. Neil Smith from Texas-based outfit Zing Checkout found that attackers could log into publicly-accessible PayPal administrative sites via authorisation bypass and cross site scripting (XSS) vulnerability.