After the T-mobile data breach, the Paypal data breach 2023 title made headlines today. Thousands of PayPal customers receive breach warnings after credential stuffing attacks compromised their accounts.
A credential stuffing attack is when a hacker tries every possible combination of a username and password that they can find in a database breach. This type of attack is completely automated, with bots running lists of credentials to “push” into login forms for multiple services.
Users that recycle passwords across several accounts are prime targets for credential-stuffing attacks.
Paypal data breach 2023: 35,000 users affected
The number of affected PayPal users is 34,942, as stated in the company’s data breach disclosure. Third parties who gained access to the accounts were able to see the account holder’s personal information, including but not limited to:
- Full names
- Dates of birth
- Postal addresses
- Social security numbers
- Individual tax identification
PayPal said it quickly reset the passwords of all the compromised accounts to limit the hackers’ access to the service.
According to PayPal’s investigation, the credential stuffing attack occurred on their system between December 6 and December 8, 2022. As well as immediate detection and mitigation, the corporation launched an internal investigation to determine how the hackers gained access to the accounts.
As of the 20th of December, 2022, PayPal had finished its probe and confirmed that unauthorized users had entered into the accounts using the correct credentials.
The electronic payments platform asserts there was no security compromise on its end and that there is no indication that the credentials were stolen from them.
A PayPal account gives you access to your purchase history, information about any linked credit or debit cards, and information about any invoices you may have paid using PayPal.
PayPal claims it quickly responded to the security breach by limiting the intruders’ access to the site and resetting the passwords of compromised accounts.
The warning further states that the hackers did not attempt or could not complete any transactions using the compromised PayPal accounts.
According to PayPal’s notice to affected users, “we have no information suggesting that any of your personal information was abused as a result of this issue,” meaning that no unauthorized transactions have occurred.
“We reset the passwords of the affected PayPal accounts and implemented enhanced security controls that will require you to establish a new password the next time you log in to your account”
Equifax will provide free identity monitoring for two years to affected customers.
The firm suggests that anyone who receives one of these alerts change their passwords immediately to something complex and lengthy. A strong password is at least 12 characters long and contains alphabetic and numeric characters and symbols.
As an added layer of security, PayPal suggests its customers enable two-factor authentication (2FA) from the ‘Account Settings’ page. This will make it so that an attacker with your login and password cannot access your account.
PayPal reports that 34,942 accounts were compromised in a recent data breach. Intruders gained access to account holders’ full names, dates of birth, postal addresses, Social Security numbers, and individual Tax Identification Numbers for two days.
Data breaches and hacks are one of the biggest problems of today’s world. Don’t you think so? Check out these:
- T-Mobile data breach: 37 million accounts impacted
- Twitter data breach: 400 million users affected
- Equifax data breach settlement prepaid card explained
- Social Blade is hacked and the company confirmed the data breach
- GoTo data breach ended up affecting LastPass
- Facebook data breach 2022: 1M+ users affected
- Cash App data breach is confirmed by Block