Alex Birsan, a security researcher, found a high-severity bug on PayPal’s login page that could expose users’ password information. PayPal awarded Mr. Birsan $15,300 for discovering the bug and remedied the problem by releasing a patch within 24 hours. This comes as a huge relief, as patches for many security vulnerabilities can take months. PayPal is a highly sought-after financial platform for malicious actors. Gaining access to users’ accounts lets them easily “cash out” or “card” those accounts, as there are plenty of “how to” guides on sale that detail the steps to do so.
So what exactly was the vulnerability that would compromise users’ password information?
PayPal stated that taking advantage of such a vulnerability would require sophisticated attack strategies, through social engineering and phishing, and that it continuously works on addressing the vulnerabilities it comes across. It is also aware that many organizations and clients lack security awareness and security experts, even if they have the budget for them. It is clear that having cybersecurity management measures in place on all ends to prevent such commonly made, sophisticated attacks is more important than ever, so that all businesses and activities can run smoothly and confidently.