PayPal security holes expose customer card data, personal details

http://en.wikipedia.org/wiki/PayPal

Dangerous website flaws have been discovered in PayPal that grant attackers access to customer credit card data, account balances and purchase histories.

The holes — which still exist — were recently discovered by a security researcher.

One of the holes was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program. Neil Smith from Texas-based outfit Zing Checkout found that attackers could log into publicly-accessible PayPal administrative sites via authorisation bypass and cross site scripting (XSS) vulnerability.