Vulnerability has been reported in March, 2013
By Ionut Ilascu on October 9th, 2014 15:06 GMT "A vulnerability in PayPal’s filtering of account restrictions through the mobile API allows an individual access to a blocked account without providing additional security details.
When a user enters the wrong username and password pair several times, access to the account is restricted on a computer until the answer to a set security question is provided.
However, switching to a mobile device eliminates the problem and the account can be accessed with the right credentials.