A new security flaw that affected users of open source login tools, OAuth 2.0 and OpenID did not affect PayPal accounts, stated PayPal today.
The vulnerability affected numerous other web sites that utilize those two methods of logging into services, including some offered by PayPal.
The statement was as follows:
“As always, it’s important to us to keep our customers informed, connected and aware of how we’re addressing any concerns you have with our products or services.
When we heard that security researchers recently discovered a vulnerability in open source login tools OAuth 2.0 and OpenID (which are widely used by many websites and web services, including some offered by PayPal) we moved quickly to determine the impact to our customers. We have carefully investigated this situation and can tell you that this vulnerability has no impact on PayPal and your PayPal accounts remain secure.
We take the responsibility of keeping your financial details protected very seriously at PayPal. When PayPal implemented OAuth2.0/OpenID, we engineered additional security measures to protect our merchants and customers. These measures protect PayPal customers from this specific OAuth2.0/OpenID vulnerability.
We want to reassure you that if your PayPal account is accessed without your permission, PayPal will help you resolve the problem and will cover 100% of any eligible transactions to keep your money secure. “
You know the drill: change your PayPal password to be 100% percent on the safe side.
