PayPal acknowledges a data breach and notifies customers via email

Some PayPal users have received a warning that their accounts may have been hacked and that their personal information may have been stolen.

On December 20, 2022, the company announced that an unauthorised third party had accessed a number of PayPal accounts. According to its subsequent investigation, the accounts were accessed between December 6 and December 8, 2022.

During this period, “unauthorised third parties were able to see and possibly obtain certain personal information for some PayPal users,” the alert states. This information includes users’ names, addresses, Social Security numbers, individual tax identification numbers, and/or dates of birth.

There is no indication that this was abused

Although PayPal claims there is “no indication” that the attackers obtained the login credentials from inside the company’s systems, it has not provided any more details about how the breaches occurred.

According to BleepingComputer, the attack that led to the data breach was credential stuffing, in which cybercriminals “stuff” the login page with many stolen credentials until one of them succeeds.

This technique works because users reuse passwords across many services, so a password exposed at one service increases the chance of compromise at all the others. The same report states that 34,942 accounts were compromised and that the attackers likely gained access to users’ transaction history, linked credit or debit card information, and PayPal invoicing data.

It is unclear what the attackers will do with the information they have stolen. While PayPal has not yet found proof that this information has been exploited, it stands to reason that it will be used for identity theft, phishing, and other forms of social engineering.

To safeguard its users after the breach, PayPal has implemented “additional security restrictions,” which would require users to create a new account upon their next login. Users also received complimentary identity monitoring services from Equifax for a full year.