The Wall Street Journal reports that PayPal has “rushed out an update to correct a security flaw in its iPhone application that could allow hackers to intercept users’ passwords,” which is reported to stem from a failure to verify the digital certificate for the PayPal website before transmitting data over the internet. The company said it will refund anyone affected as a result, noting that it was not aware of any cases. It also only affects the app when using a unsecured WiFi network, so that data can be intercepted.