PayPal has confirmed that a researcher found a high-severity security vulnerability that could have exposed user passwords to an attacker
The researcher, Alex Birsan, earned a bug bounty of $15,300 (£11,700) for reporting the vulnerability, which was disclosed January 8 having been patched by PayPal on December 11, 2019.