>
Looks like someone forgot to close a bracket, the PDF link extends to all the text below it. Also, the mobile site has no 'send corrections' link.
eBay-owned PayPal has plugged a vulnerability that potentially allowed thieves to seize control of merchants' online stores and empty the shelves. The bug – discovered by security researcher Mark Litchfield of Securatary – affected PayPal Manager, which is used to manage PayFlow accounts by people selling stuff online. PayPal …
A proper corporate would have brought the cops in to arrest the security researcher, lobbied for harsher penalties for "computer crime" and, of course, left the bug un-patched for the next CIO to deal with. Oh, and blamed $ENEMY_DU_JOUR for the subsequent slurp of customer info from the unencrypted file in the web root named "customer-info_-_full.txt" right next to the recently renamed file "dot-htaccess"
Anuj from PayPal here. This story is from last week.
http://threatpost.com/paypal-fixes-serious-account-hijacking-bug-in-manager/106117
The potential vulnerability was responsibly reported to PayPal by the security researcher before he went public and quickly addressed by the PayPal team. PayPal has conducted a thourough investigation of this situation and can confirm that there is no evidence that PayPal customer information was compromised.