Paypal Reporting system that allowed him to steal private data of any PayPal account. Nir Goldshlager, founder of and Security Researcher reported critical flaws in the system. He found that PayPal is using the(a third party app) to display customer reports, so Nir downloaded the trial version of this app for testing purpose from its official website. Nir found that, Get folderitems.do file having an ID parameter of 7-8 numeric characters which can be manipulated get the secret token id of respective user with same ID.
Source: https://thehackernews.com/2013/05/hacking-paypal-accounts-to-steal-users.html