
Researchers' Hacking Tool Targets PayPal, Other Secure Sites

Researchers claim to have created a hacking tool that can exploit the security used by PayPal Inc. and other companies.

The tool can decrypt secure messages sent to sites using the Transport Layer Security 1.0 protocol, which most secure sites use, Ars Technica reported Wednesday.

The tool, called BEAST, attempts to determine the encryption key by adding its own text to instructions sent to a secure site. It uses the known text as the basis for decrypting the entire communication, the article said. The vulnerability the researchers used has been known for years, Ars Technica noted.

The researchers had not yet released their findings when the article was published.

PayPal spokesman Anuj Nayar told Ars Technica that the company is "reinforcing our security. We'll continue to do so once the research is released in the coming week. … We have dedicated teams of information security experts who continually review and strengthen our security systems. We'll further review this once we have details of the research later in the week."

PayPal is a unit of eBay Inc. of San Jose, Calif.
