PayPal is broken

PayPal has confirmed that a researcher found a high-severity security vulnerability that could expose user passwords to an attacker. The researcher, Alex Birsan, earned a bug bounty of $15,300 (£11,700) for reporting the problem, … public disclosure of the vulnerability, “the login form.”

PayPal confirmed that, “sensitive, unique tokens were being leaked in a JS file used by the recaptcha implementation.”

https://www.forbes.com/sites/daveywinder/2020/01/10/paypal-confirms-high-severity-password-security-vulnerability/#7e67d4251b50

They pay “bounty” money to some outside hacker, because they don’t have the in-house human resources to fix their own website, and secure their customers’ money from online thieves, and it just gets worse and worse from there.

PayPal form to “link” bank account

We use Yodlee to confirm your bank details and to check your balance and transactions as needed, which can help your PayPal payments go through. For more information, see our Privacy Statement. You can turn off our use of Yodlee by removing permissions for this bank in your Profile.

Now I have never heard of Yodlee before, and I wouldn’t have thought they needed or would actually have the gall to actually “ask for” the customer’s online bank password for some nebulous data aggregation purposes.

Financial Innovation and Insights
Happen at the intersection of data + intelligence with Envestnet | Yodlee, a leader in data aggregation.

Envestnet | Yodlee, the leading data aggregation and data analytics platform, … never sells data that identifies individuals.

https://www.yodlee.com/

Now where do these people get their funding from, and such ultimate trust to handle third-party online bank logins?
