Almost 35,000 PayPal accounts breached using known credentials-

Another friendly PSA to update those passwords, especially if you use the same ones across multiple accounts. Another breach has occurred, and it looks like attackers are using known login information used across multiple websites to get your data. This means an innocent little login on a long forgotten website might give bad actors access to more important things like your PayPal account.

According to Bleeping Computer, 34,942 PayPal users have been affected by this latest credential stuffing attack on its systems. Credential stuffing is an automated approach where as many known logins as possible are stuffed into a website, which is why password recycling is a problem. 

Many websites won’t have the kind of security that, say, your bank or PayPal will employ to protect your personal details. It makes sense: most people don’t store their valuables in a plastic safe, but you also wouldn’t put the PIN to your real safe inside one. If you’re using the same password, especially if combined with the same login across multiple sites, it just makes things that much easier for the bad guys.

PayPal has found this attack took place in early December 2022, and after investigating was able to confirm the likelihood of credential stuffing being used.

For the two days the attack was running, hackers had access to all sorts of personal information, including full names, birth dates, address, social security numbers, and tax identification. They could also see PayPal transaction details that include credit card and bank information. 

But what’s kind of weird is they didn’t do anything with this information. At least, not yet. PayPal hasn’t found evidence of the attackers trying to make transactions, or anything else from the sounds of things. It’s uncertain if this was the efforts of someone simply seeing if they could, like the recent exposer of the TSA no-fly-list, or if we should expect more nefarious actions to follow. 

PayPal has changed passwords and notified impacted users, along with providing two years worth of pro bono Equifax identity monitoring to keep an eye on things. The company recommends everyone enable two-factor authentication to help protect against these attacks in future, and of course change and stop recycling your passwords. Especially in places you plan to keep important stuff like your identity. 

Related Posts

Report- Nintendo of America laying off contractors ahead of Switch 2 launch

Layoffs have hit Nintendo of America, according to Kotaku. Sources told the outlet the US arm of Nintendo is undergoing a "massive downsizing" that will see over…

Microsoft Flight Simulator 2024 Requires Fraction Of Storage Space Versus Last Game

When Microsoft Flight Simulator 2024 lands on PC and Xbox Series X|S this November, it will take up far less storage space than the last game. In…

Ex-PlayStation Exec Says He Would Have "Resisted" Sony's Live-Service Push

Former 31-year PlayStation veteran Shuhei Yoshida, who just left the company on January 15, sat down for an in-depth interview about his career. One of the most…

All The Xbox Game Pass Titles Leaving In First Half Of April

As it does each month, Microsoft is removing Xbox Game Pass titles from the catalog, and now some of games leaving the subscription catalog for April have…

Al Pacino Has A Shrek Phone Case, It Seems

A photo actor Jason Momoa shared on Instagram intended to document a celebratory dinner for a gallery opening has instead gone viral for revealing that Al Pacino…

Best Deals Today- PS5 Games, Switch Exclusives, Gaming Laptops, And More

Wednesday has brought nice discounts on numerous PlayStation games thanks to the launch of the annual Days of Play sale. Many of the best deals from earlier…