PayPal sends data breach notifications to thousands of users. Nearly 35,000 PayPal accounts were hacked using Credential stuffing. The hackers try to gain access to an account by trying the username and password pairs that come from data breaches on different websites. This type of attack relies on an automated approach where bots run lists of credentials to “cram” login portals for various services.
Nearly 35,000 PayPal accounts hacked using Credential stuffing
According to Bleeping Computer, 34,942 PayPal users have been affected by this latest attack on its systems that involves stuffing credentials. PayPal discovered that this attack happened in early December 2022. Upon investigation, it was found that it was likely that credential stuffing was used.
Also check: MailChimp reveals new breach after employees were hacked
During the two days that the attack was going on, hackers had access to a variety of personal information, including full names, dates of birth, addresses, social security numbers and tax identification. They could also see PayPal transaction details, including credit card and bank details.
Surprisingly, attackers have not made any transactions yet. PayPal has also confirmed that no transactions have yet been made during this attack. It’s uncertain if these were the efforts of someone just seeing if they could do it or if we should expect more outrageous actions.
PayPal has changed passwords and notified affected users. The company will also run Equifax’s pro bono identity check for two years to keep an eye on things. The company recommends that everyone turn on two-factor authentication to protect against these attacks in the future. It is best to change your password immediately. We also recommend that you do not use the same passwords for all your accounts.
Also see: PriceOye Pakistan acquires early investment from co-founder PayPal