PayPal's security 'flawed'
BY CLAIRE MCENTEE
Related Links
Relevant offers
A security flaw in the online payment service PayPal means sensitive information is at risk and customers could lose control of their accounts, according to an Auckland software developer.
Ewart MacLucas says the flaw means customers who have not registered a credit card or bank account to their PayPal account need only supply a street address or phone number to change their password information that can be easily obtained by others.
Once an account is accessed, people can see details of financial transactions and change account settings so a customer could be locked out of their own account, he says.
PayPal spokeswoman Kelly Stevens confirmed that for PayPal accounts not tied to a credit card or bank account and which have "little to no remaining balance", customers can reset their password by providing "personal information like a phone number and street address".
"This does not put account holders at risk of disclosing sensitive personal or financial account information that can be used to steal their money, so we do not see this as a significant threat.
"It's important to note that for PayPal accounts that have bank accounts, credit cards or cash balances tied to them, the password reset process is much more sophisticated."
But Mr MacLucas says information in a PayPal account should be protected, regardless of whether it can be used to steal money.
"As a paypal customer, I consider a list of who paid, how much and when to be sensitive personal information.
"I shouldn't have to give PayPal my credit card or bank account number to protect that information."
Many small companies and community organisations use the PayPal donate scheme, in which people can donate money to them via PayPal.
"While I don't know how many people could be affected by this, the volume of Paypal users means even if it's only one in every 1000, that's still a big number."
- © Fairfax NZ News
Sponsored links
The Artist dog wins 'spokesdog' role
Website attacks motivated by politics
Kiwi game industry worth more than $179.6m
Microsoft acknowledges Xbox Live hijacks
New Facebook photo viewer mimics Google+
Popular app's CEO apologises over privacy bungle
Managing a massive music library
Review: Final Fantasy XIII-2 for PS3
Facebook will release more user data
Review: Sony Ericsson Xperia arc S
3D printing: saviour or piracy tool?
Company claims CTV building report 'inadequate'
TVNZ included in police Electoral Act investigation
Tourist alleges police brutality
Child killed at Motueka school
Pike's ventilation system 'unable to cope'
Milk price inquiry to continue
Website attacks motivated by politics
Another ocean giant meets a tragic end
Kiwi game industry worth more than $179.6m
Week-long strike looms for port
Popular app's CEO apologises over privacy bungle
Lake Horowhenua toxic enough to kill a child
Armed gang members in Waitangi stand-off
Sir Bob Jones: SBW-Tillman fight a joke
Jaime Ridge ringside supporting Sonny Bill
Celebrity mum and daughter BFFs
Tillman KO the biggest buzz for SBW
TVNZ included in police Electoral Act investigation
Police U-turn on speeding tolerance
Five aftershocks jolt Christchurch
Romney campaign takes aim at rival Santorum
Rick Santorum wins Missouri primary
Santorum claims momentum with upset wins
Sir Bob Jones: SBW-Tillman fight a joke
NZ has high rate of men-only boards
Tillman KO'd by Sonny Bill Williams in first round
Resignations at MediaWorks holding company boards
Five aftershocks jolt Christchurch
Police U-turn on speeding tolerance
Sir Bob Jones: SBW-Tillman fight a joke
Celebrity mum and daughter BFFs
Tillman KO'd by Sonny Bill Williams in first round
Deciphering the language of love
How to tell someone they're fat
3D printing: saviour or piracy tool?
Sir Bob Jones' boxing tirades becoming tiresome
