PayPal security holes expose customer card data, personal details

Dangerous website flaws have been discovered in PayPal that grant attackers access to customer credit card data, account balances and purchase histories.

One of the holes was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program.

“Communication is paramount. Researchers are often not doing it for the financial reward (you can make more on the black market selling these), but out of a sense of trying to better the landscape around them. Without a personal level of communication, companies often interpret well intended reports as malicious, and researchers lose the drive to participate when they do not see actionable results,” Smith said.