Australian security researcher found a way to get access to a PayPal account that has enabled two-factor authentication. Joshua Rogers, a 17-year-old based in Melbourne, Australia, published details of the attack on his blog on Monday. He said PayPal failed to fix the flaw despite being notified on June 5. The code is sent offline or generated by a mobile application, it is much more difficult for hackers to intercept although by no means impossible. Rogers will forfeit a reward usually paid by PayPal to security researchers that requires confidentiality.”]