Last week it was reported that PayPal has patched a possible hacking vulnerability. It’s not known if this was widely exploited and it does seem that it was a tricky hole to breach.
Apparently an ttacker could log in to a PayPal account without triggering confirmation text but it did also require access to your browser too.
As the report notes: “Turned up by Vulnerability Labs’ Shawar Khan, the problem existed in how PayPal’s API implemented the “PayPal preview” portal. The good news is that it was an exploit that needed access to the victim’s browser.”
You can read more here. Although unless you’re savvy tech type, it doesn’t make much sense. (That includes me.) So do feel free to explain more if you’re in the know.