You can breathe a sigh of relief. The good guys found this one before the bad guys.
It turns out your PayPal account was just one click away from being hacked. Imagine that: all your money stolen, your credit card info laid bare.
Well, it was a bit more than one click, but in less than 10 minutes one Egyptian hacker was able to capture a token and take over someone's account, potentially cleaning out their funds and walking away clean.
PayPal is a heavy hitter when it comes to security, which is why it runs a Bug Bounty program and offers a $10,000 reward to hackers who can demonstrate, with a proof of concept video, that they successfully broke into PayPal's systems.
Yasser Ali, an Egyptian security researcher, showed just how easy it was to take advantage of something called a CSRF, a cross-site request forgery. You can see in the video below that Ali opens up Chrome and Mozilla, with additional programs running in the background.
These background programs monitored the data sent to PayPal during a login attempt and captured a valid token that worked for all users. From there, it was a relatively simple matter for him to modify the answers to PayPal security questions and successfully log in to a different account.
You can see Ali's proof of concept video below. There's no sound, but you can follow along to see how he snags the data and uses a Python program to change the answers to the security questions.
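As an added illustration (not code from the article, from PayPal, or from Ali's proof of concept), the Python sketch below shows why a CSRF token that is accepted for every user gives no protection, and the usual fix of binding the token to the caller's session so a captured value cannot be replayed against another account. The server secret, session ids and the `change_security_answers` endpoint are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed values for this example; nothing here comes from PayPal's code.
SERVER_SECRET = secrets.token_bytes(32)
GLOBAL_TOKEN = secrets.token_hex(16)  # the weak pattern: one token shared by every user


def verify_global_token(presented: str) -> bool:
    """Weak check: the token is not tied to any session, so one captured
    value is accepted for every account (the failure mode described above)."""
    return hmac.compare_digest(GLOBAL_TOKEN, presented)


def issue_csrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Hardened: derive the token from the caller's session id with HMAC-SHA256,
    so a token captured from one session is useless against another."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, presented: str, secret: bytes = SERVER_SECRET) -> bool:
    """Recompute the expected token for this session and compare in constant time."""
    return hmac.compare_digest(issue_csrf_token(session_id, secret), presented)


def change_security_answers(session_id: str, csrf_token: str, answers: dict) -> bool:
    """Hypothetical state-changing endpoint guarded by the session-bound token."""
    if not verify_csrf_token(session_id, csrf_token):
        return False
    # ... persist `answers` for the account behind session_id ...
    return True


def demo() -> dict:
    """A token captured in one session is replayed against a second session."""
    session_a, session_b = "sess-a-0001", "sess-b-0002"  # constructed session ids
    captured = issue_csrf_token(session_a)
    return {
        "global_token_replays": verify_global_token(GLOBAL_TOKEN),
        "bound_token_own_session": change_security_answers(session_a, captured, {"q1": "a"}),
        "bound_token_other_session": change_security_answers(session_b, captured, {"q1": "b"}),
    }


if __name__ == "__main__":
    print(demo())
```

The shared token is accepted regardless of who presents it, while the session-bound token is rejected as soon as it is presented from a session other than the one it was issued for.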