PayPal Fixes OAuth Token Leaking Vulnerability Posted on November 29, 2016 by Simon Steed PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application.