Bottom-line to the article: "The expert ethically reported the flaw to Paypal that promptly fixed it, this is the Time Line of the bug: Vulnerability Discovery: 19/Jun/15 2:27 AM; Vulnerability Reported: 19/Jun/15 7:10 AM; Remediation Notification: Aug 25, 2015 at 5:44 AM. Thanks Paypal Security team for the good coordination the fast responses for Emails."
A little misleading: it applies to users who would use a credit card option during the payment, not to people who would pay directly by PayPal.
Well, I happen as well as you to consider a 2 months' delay as a bad example of promptitude. By the way, this thread makes me discover the site securityaffairs.co which seems very interesting. Concerning PayPal, I had closed my account when the company had decided to obstruct help funds for ProtonMail. EDIT - Darn, I missed the sarcasm!