An Egyptian security researcher discovered a PayPal account hack that takes just one click. If you have a PayPal account, there’s a 100% chance that you’ll be changing your password after reading this post. You don’t have to worry, though, because he shared his findings with PayPal, who have already implemented a fix. He also shared a proof-of-concept video on YouTube, showing him tricking PayPal's servers into thinking he’d logged in as any user.
He achieved this by evading PayPal's security checks with a cross-site request forgery (CSRF) and a small Python script running on his own computer. PayPal offers security researchers a $10,000 bounty through its vulnerability reporting program, so Yasser Ali got more than a thank-you for his findings. Come to think of it, if he could find this loophole and report it, imagine what the bad guys know.
Source: Yasser H. Ali