{0day Paypal Bug} Privilege Escalation. Take Over Main Accounts.

Discussion in 'BlackHat Lounge' started by Arthas, Mar 25, 2009.

  Arthas


    Jan 5, 2009
    I just discovered this today while logging into a paypal sub account. A sub account is a limited account someone can create for you by using the multi user access feature of paypal.

    A new security policy has just been applied to paypal which requires sub accounts to enter new security questions and change their password.

    When you login next time to a sub account it will ask you for this new information and make you change your password. However, the password that it changes is actually the main account holder's! Paypal has fucked up.

    My account was only allowed to receive money. After completing the form I then had the main account holder's password and could have done whatever. Of course the account holder was a friend of mine and so I just told him what was going on.

    I am posting this to warn anyone who might have multi user access enabled on their account. You should remove the access now before the user has a chance to login and change your password.
    chowyoungfat

    Nov 6, 2008
    holy shit, people could really go to town stealing money =O