X
PayPal suffers security breach in a large-scale 'credential stuff

PayPal suffers security breach in a large-scale 'credential stuffing' attack

Pictured: Hisan Kidwai
By Hisan Kidwai
January 23, 2023
Featured image for PayPal suffers security breach in a large-scale 'credential stuffing' attack

It seems like hardly a week goes by without some major company announcing that they’ve suffered a security breach, and this time it’s PayPal, one of the world’s most popular online payment platforms. The company announced on Thursday that nearly 35,000 of its users had their accounts breached between December 6th and 8th.

However, unlike other breaches, threat actors didn’t hack PayPal itself. Instead, they used a technique known as “credential stuffing”. In this type of attack, hackers use previously leaked login information that people have reused for their PayPal accounts.

As reported by Bleeping Computer, during the two-day intrusion, hackers had access to a significant amount of personal information of the affected users. This includes full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers. Additionally, they also had access to transaction histories, connected credit or debit card details, and PayPal invoicing data.

Fortunately, PayPal was able to halt the intrusion and reset the passwords for the affected users. The company also reassured that no unauthorized transactions were attempted and is also giving affected users two free years of credit monitoring from Equifax.

Importance of updating and maintaining your passwords

This incident highlights the importance of online security. As PayPal didn’t suffer a security breach, and none of these accounts would have been compromised if their owners had followed some basic online security practices. It’s crucial to be vigilant and take proactive measures to protect your personal and financial information from hackers.

One of the most basic measures you can take is to never use the same passwords across accounts, especially for websites like PayPal. For those users who have trouble remembering their passwords, a password manager like 1Password can make this easy. To further protect your account, enable two-factor authentication, which is available in the account settings menu on PayPal. By following these simple steps, you can greatly reduce the risk of falling victim to a security breach.