The holes still exist. One was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program.
PayPal is working to close the holes."
Link to Original Source
Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!
Time-sharing is the junk-mail part of the computer business. -- H.R.J. Grosch (attributed)