PayPal Hack: 35,000 Accounts Compromised in Credential Stuffing Attack

On December 20, 2022, PayPal, one of the most widely used online payment platforms, confirmed that 35,000 users' accounts had been compromised due to a security breach. An unauthorized party viewed and potentially obtained some personal information of PayPal customers between December 6, 2022, and December 8, 2022. As soon as PayPal identified the breach, the company immediately took steps to protect affected customers and notified law enforcement.

According to the Maine Attorney General, the data breach was caused by credential stuffing. Credential stuffing occurs when attackers use a list of stolen login credentials to gain access to multiple accounts. This attack is often successful because many people use the same password to access various online accounts. Therefore, strong, unique passwords should be created for each online account to ensure maximum security and be updated regularly.

As a result of the breach, PayPal reset passwords for the affected accounts. In addition, PayPal is offering a two-year free identity monitoring service through Equifax to those affected. Equifax services allow individuals to monitor their credit reports and detect suspicious activity, such as unauthorized credit applications or bank account openings.

PayPal recommends all users take proactive measures to protect themselves. Some security measures include updating passwords, changing security questions, and enabling 2-step verification. The 2-step verification process adds a layer of security to an account by requiring a secondary verification method. Some common secondary verification methods include a code sent via text message, phone call, or an authentication application.

Keeping up with the latest threats and taking steps to secure your accounts is essential. The incident serves as a reminder of the importance of being vigilant about protecting personal information online. In addition to using strong passwords and enabling 2-step verification, consumers should monitor their credit reports regularly. Also, pay close attention to suspicious emails or telephone calls claiming to represent a financial institution.

As data breaches continue to increase, protecting personal information becomes increasingly important. Consumers can reduce the risk of becoming a data breach victim by taking proactive measures and staying updated on the latest threats. This recent incident serves as a reminder for us all to protect our personal information.