An Egyptian security researcher,has discovered three critical vulnerabilities in PayPal website including, Auth token bypass and Resetting the security question, which could be used by cybercriminals in the targeted attacks. PayPal has been found to be vulnerable to a critical web application vulnerability that could allow an attacker to take control over users’ PayPal account with just a click. The eBay owned digital payment and money transfer service is vulnerable to the vulnerability affecting more than 156 millions PayPal users. Using Paypal CSRF exploit an attacker is able to associate a new secondary email ID (attacker’s email) to the victim’s account, and also reset the answers of the security questions from target account.
Source: https://thehackernews.com/2014/12/hacking-paypal-account.html