As the website “BleepingComputer” reports, PayPal accounts were hacked in a large-scale so-called credential stuffing attack. Therefore, the company has notified thousands of users whose accounts were compromised about the data breaches. Personal data was stolen in the attack.
In credential stuffing attacks, hackers attempt to access an account by trying username and password pairs obtained from data leaks on various websites. This type of attack relies on an automated approach in which bots execute lists of credentials to “stuff” login portals for various services.
PayPal states that the credential stuffing attack took place between December 6th and 8th, 2022. The company recognized it at the time and was able to limit it. An internal investigation has been launched to find out how the hackers gained access to the accounts.
According to PayPal’s data breach report, 34,942 users have been affected by the incident. During the two days, hackers had access to the account holders’ full names, dates of birth, mailing addresses, social security numbers, and individual tax identification numbers. The attackers did not attempt or manage to conduct transactions from the hacked PayPal accounts.
The best 15-inch notebooks in the Focus test
“We have reset the passwords of affected PayPal accounts and implemented enhanced security controls that will prompt you to set a new password the next time you log into your account,” PayPal said in a statement. Affected users will receive a free identity monitoring service from Equifax for two years.
In addition, PayPal recommends users to enable Two-Factor Authentication Protection (2FA) in the Account Settings menu, which can prevent unauthorized persons from accessing an account even if they have a valid username and password.
Basically, users should choose their passwords in such a way that they are not easy to crack. Secure passwords contain a combination of letters, numbers and special characters. They should be at least twelve characters long and the letters should be used in upper and lower case. Also, it makes sense not to use the names of children, spouses, or pets. A random combination of characters makes more sense.
The original to this post “PayPal advises quick password change after hacker attack” comes from chip.de.