PayPal's security 'flawed'

By CLAIRE McENTEE - The Dominion Post
Last updated 05:00 08/06/2009

A security flaw in the online payment service PayPal means sensitive information is at risk and customers could lose control of their accounts, according to an Auckland software developer.

Ewart MacLucas says the flaw means customers who have not registered a credit card or bank account to their PayPal account need only supply a street address or phone number to change their password, information that can be easily obtained by others.

Once an account is accessed, people can see details of financial transactions and change account settings so a customer could be locked out of their own account, he says.

PayPal spokeswoman Kelly Stevens confirmed that for PayPal accounts not tied to a credit card or bank account and which have "little to no remaining balance", customers can reset their password by providing "personal information like a phone number and street address".

"This does not put account holders at risk of disclosing sensitive personal or financial account information that can be used to steal their money, so we do not see this as a significant threat.

"It's important to note that for PayPal accounts that have bank accounts, credit cards or cash balances tied to them, the password reset process is much more sophisticated."

But Mr MacLucas says information in a PayPal account should be protected, regardless of whether it can be used to steal money.

"As a PayPal customer, I consider a list of who paid, how much and when to be sensitive personal information.

"I shouldn't have to give PayPal my credit card or bank account number to protect that information."

Many small companies and community organisations use the PayPal donate scheme, in which people can donate money to them via PayPal.

"While I don't know how many people could be affected by this, the volume of PayPal users means even if it's only one in every 1000, that's still a big number."
