PayPal’s two-factor authentication (2FA) system is supposed to protect your account should your PayPal username and password fall into the hands of online criminals. Escalate Internet researchers say the flaw is extremely simple to execute and and can be abused by anyone with a PayPal account and basic computer skills. PayPal told SecurityWeek that it was aware of the issue and while downplaying the threat, said that it would attempt to address the issue as quickly as possible.”]
Source: https://grahamcluley.com/paypal-left-red-faced-security-holes-found-two-factor-authentication/