PayPal Addresses Security Vulnerability

PayPal has fixed a security hole that could have allowed fraudsters to hijack production systems. The vulnerability could have allowed attackers to install a backdoor on PayPal, according to PC World.

The magazine described how Michael Stepankin, a bug bounty hunter, found the vulnerability in the manager.paypal.com website. “After he reported the issue to PayPal and it got fixed, the company gave him a reward through its bug bounty program, even though his report was marked as a duplicate. It turns out that another security researcher reported the same issue a few days earlier, proving that people are currently scanning for this type of vulnerability.”

PayPal’s engineering team addressed the vulnerability and said that, while the security community has known about deserialization vulnerabilities for a few years, “they were considered to be theoretical and hard to exploit.”

You can read PayPal’s post on the PayPal-Engineering.com website.

Ina Steiner
Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). She is a member of the Online News Association (Sep 2005 - present) and Investigative Reporters and Editors (Mar 2006 - present). Follow her on Twitter at @ecommercebytes and send news tips to ina@ecommercebytes.com. See disclosure at EcommerceBytes.com/disclosure/.
