Recently PayPal confirmed about its user’s accounts had been attacked by unknown hackers between the 6th to 8th of December 2022. The attacker is said to have got unauthorized access to thousands of accounts counting around 34,942 by using a credential stuffing attack. It is still a very small number of customers and PayPal has around 432 million active users today.
Through this attack, the user’s personal information including names, addresses, social security numbers, tax identification numbers, and dates of birth was revealed according to the company.
Recently the credential stuffing attack has been increasing as many individuals reuse usernames and passwords across multiple accounts.
In an email, the PayPal spokesperson said that “No financial data was obtained and its payment system remained unharmed. While the impacted users have been informed individually, and we’ve given them advice on how to better safeguard their data.
The affected users are being said to reset their passwords and implemented enhanced security controls like two-factor authentication. They are also said to change it to unique and strong passwords even for their other services accounts using the same passwords. For doing so they are even advised to take help from a password manager, such as 1Password or Bitwarden.
He further said that “PayPal’s primary concern continues to be the security and privacy of our customer’s account information, and we deeply regret any difficulty this may have caused”
