UPDATE : The Vulnerability Has Been Fixed and Accounts Are Safe.
It has been reported that Paypal has a very serious vulnerability which gives theÂ attacker complete, unrestricted access to the victims paypal account. This new vulnerability lies in the Password Recovery System of Paypal. Through this vulnerability the hacker can access the victims account in 30 seconds and use it to its full potential without any restrictions.
According to Matt Langley of Integrated Computer Enterprises :-
PayPal sends Password Forgotten Change tokens to unauthorized email addresses instead of the email address on the account. Once you follow the link they email, and change the password, you are given total access to that account. No trickery or sophisticated hacking is required. Itâ€™s a bug in their email system that corrupts email addresses.
[Source : The Hacker News]