Attacking company reputation is more valuable than any stuff you manage to buy with a bug like this. You just need to snatch some transactions from enough people and leak the story to the media. You do not actually need to monetize those transactions.
Valuable to a small handful of competing corporate interests, maybe, but useless to the rest of us. What are you suggesting, that Amazon might agree to funnel you a large sum of money under the table in return for divulging something like this?
As a thought exercise - I suppose you could short eBay stock and then leak the information underground. I don't think this would be considered insider info by the SEC and if you let other people do the actual stealing from accounts you haven't violated laws in that regard. When PayPal finally discovers the problem and fixes it, you inform the media what happened (assuming PayPal doesn't fess up) and then buy back your shorted stock after the inevitable drop in stock price. Maybe someone more knowledgeable could comment on if/where this might be illegal?
I'd assume there are rules against this sort of stuff, perhaps falling under bigger items like aiding and abetting in a crime.
And I'd definitely assume it'd be considered insider trading.
But it's a very clean way. There aren't really any direct traces to you as you didn't enter into any actual agreement or conversations with anyone. You'd just dump information one-sided, that's pretty easy to do anonymously. And if you look at the volume of trade on eBay, it'd be very unlikely they'd be able to pinpoint who was the source of the hack based on trading alone, if they even look for a link between traders and the hack in the first place. And even if they can reasonably say it might be you 'cause you just shorted $250k out of the blue (still puny volume for a stock like this), there'd be no way to prove anything else.
The biggest issue I'd say is having been tracked by server logs while finding out about the security leak.
As for whether it's a good plan... I wouldn't take it myself if I was evil. First, it's probable that wherever you leak it underground to will go to PayPal and collect a bounty. It'd be a quick fix probably in a span of mere hours after they become aware of it. It wouldn't show up on the price charts much if at all, I mean this story went pretty unreported, right? Even if you put up $100k, the price may drop 1-3%, that's peanuts for an opportunity like this, and it requires a shitton of spare money. Even if you leverage it, you might just coincide it with some big news. For example, since he reported the bug publicly, the price has risen by 9-10%. If you shorted that with leverage, ouch.
Safe but not very effective I think, good try in any case!
Since you could time the release of the news, put options with relatively short expiry could get you a much larger windfall than shorting the stock. Regardless though I'm sure this would be illegal in several ways. Even if you don't hack them yourself, you're going to be responsible for sharing the info. (And if you're just worried about getting caught, I wouldn't be surprised at all if the FBI looks at suspicious trading surrounding an incident like that, which might be all that's needed to start them on your trail.)
That would be quite interesting. Leaking it to the media so they can report that the hack is happening right then and has not been identified by PayPal yet. Panic!