17-Year old Australian Hacker Revealed Paypal Flaw

paypal logo

17 year old Australian hacker Joshua Rogers revealed Paypal flaw in public. Joshua Rogers found a flaw in PayPal's authentication system in June has now gone public on the problem, because PayPal has still not fixed it.

Joshua Rogers says in a 5 August blog post that, PayPal's two-factor authentication (2FA) system can be bypassed. He also uploaded a video of exploit on YouTube.

He said, "Today, the 5th of August, I release my Paypal 2FA bypass exploit. It's been exactly two months since I've reported this bug, and due to the simplicity of it, I believe I've given Paypal long enough to fix it".

He was arrested by armed police earlier this year after he alerted the Victorian Transportation Department to a leak in its 600,000-user database.

Joshua Rogers said in the new blog post, "I have decided to release this publicly, because despite two months given, it still hasn't been fixed".

He also wrote a blog post on 26 June about Paypal's 2 Factor authentication that says, "A complete 2FA bypass is what I found. Yes, really. You completely bypass the page, and can send money, view/edit personal information, etc. All you need is an email and a password".

No comments

Powered by Blogger.