PayPal

Pierluigi Paganini January 20, 2023
PayPal notifies 34942 users of data breach over credential stuffing attack

PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8. The company added that the unauthorized accessed were the result of credential stuffing attacks and that its systems were not […]

Pierluigi Paganini May 23, 2022
A flaw in PayPal can allow attackers to steal money from users’ account

A security researcher announced the discovery of an unpatched flaw in PayPal that could allow attackers to steal money from users. TheHackerNews first reported that a security researcher (that goes online with the moniker h4x0r_dz) has discovered an unpatched flaw in PayPal that could allow attackers to trick users into completing transactions controlled by the […]

Pierluigi Paganini February 24, 2018
Paypal issue allows disclosure of account balance and recent transactions

Paypal issue allows for enumeration of the last four digits of payment method and for the disclosure of account balance and recent transactions of any given PayPal account. Introduction This post details an issue which allows for enumeration of the last four digits of payment method (such as a credit or debit card) and for […]

Pierluigi Paganini December 03, 2017
PayPal-owned company TIO Networks data breach affects 1.6 million customers

PayPal confirmed that one of the companies it owns, TIO Networks, suffered a security breach, that affected 1.6 million customers. PayPal confirmed that one of the companies it owns, TIO Networks, suffered a security breach, hackers have accessed servers that stored information for 1.6 million customers. The company TIO Networks was recently acquired by PayPal for […]

Pierluigi Paganini August 01, 2016
PayPal accounts abused to distribute the Chthonic Banking Trojan

Experts from Proofpoint discovered that the Banking trojan Chthonic was distributed via ‘legitimate’ PayPal accounts by abusing the “money request” feature. The imagination of cyber criminals is a never-ending pit, according to the security firm Proofpoint, crooks are abusing PayPal to distribute the Chtonic banking trojan. Chtonic is a strain of the most notorious Zeus Trojan, the […]

Pierluigi Paganini June 25, 2016
PayPal fixed a flaw that allowed attackers to deliver malicious images

PayPal has fixed a vulnerability that could have been exploited by attackers to deliver malicious images through the payment pages of the website. The Security researcher Aditya K Sood discovered a vulnerability that could have been exploited by attackers to deliver malicious image through the payment pages of the PayPal website. The expert noticed that the […]

Pierluigi Paganini March 30, 2016
PayPal flaw allowed hackers to send malicious emails

PayPal has just fixed a security vulnerability that could have been exploited to send malicious emails to users via its platform. Researchers at security firm Vulnerability Lab have discovered a filter bypass and an application-side input validation vulnerability that allowed attackers to inject malicious code into emails sent by the PayPal platform. “A persistent input validation & mail […]

Pierluigi Paganini October 04, 2015
Bogus PayPal App used to spread a banking Trojan

Security experts at Trend Micro have uncovered a spam campaign spreading a bogus PayPal app to steal German users’ banking credentials. A spam campaign is targeting German Andoird users, the malicious emails impersonate PayPal trying to trick the recipient into downloading a bogus PayPal app update that hides a banking Trojan. “Mobile banking is now used by […]

Pierluigi Paganini September 07, 2015
Authentication Flaw affects the PayPal Mobile App

Security experts at Vulnerability Lab have discovered a restriction filter bypass vulnerability affecting the PayPal mobile app. Under specific conditions, PayPal can ask users to confirm their identity to prevent frauds. When users are asked to verify their identity, their account is not accessible and in order to unblock it PayPal request them to make […]

Pierluigi Paganini September 05, 2015
A PayPal stored XSS vulnerability exposed users to hack

Security experts at BitDefender have discovered a PayPal stored XSS vulnerability that could be exploited by hackers run various attacks on PayPal users. Security researchers at Bitdefender have discovered a PayPal stored XSS vulnerability in the e-payment service that could be exploited by attackers to upload specifically crafted files to hack registered users. The PayPal […]