PayPal's Security 'Flawed'
A security flaw in the online payment service PayPal means sensitive information is at risk and customers could lose control of their accounts, according to an Auckland software developer.
Ewart MacLucas says the flaw means customers who have not registered a credit card or bank account to their PayPal account need only supply a street address or phone number to change their password information that can be easily obtained by others.
Once an account is accessed, people can see details of financial transactions and change account settings so a customer could be locked out of their own account, he says.
PayPal spokeswoman Kelly Stevens confirmed that for PayPal accounts not tied to a credit card or bank account and which have "little to no remaining balance", customers can reset their password by providing "personal information like a phone number and street address".