PayPal has been hacked, affecting 35,000 accounts. The technique used in this attack is known as credential stuffing, and it is used to steal sensitive data from users who have registered with a specific service. This form of cyber-attack is intended for consumers who use the same password on many online services and sites at the same time.
Credential stuffing is a type of cyber-attack in which stolen usernames and passwords are used to attempt to get into various accounts across multiple sites. Hackers utilise a list of stolen credentials to automate attempts to get into numerous accounts, hoping to identify those with genuine credentials. PayPal has contacted 34,942 users of the theft, noting that the hacker attack did not allow for direct system violation. Still, data such as full names, dates of birth, postal addresses, social security numbers, and tax identification numbers were taken. Fortunately, the assault did not carry out any transactions.
According to the PayPal administration, the incident occurred between December 6 and 8, 2022. When it was discovered, the company launched an internal inquiry, which was finished two weeks later. The investigation’s findings indicated that unauthorised third parties could enter the accounts of thousands of people. Within two days, the attackers accessed these users’ personal information.
PayPal executives also emphasised that the company’s information security professionals restricted hackers’ access to the service before resetting the passwords of impacted users.
This attack serves as a reminder to use unique and complicated passwords for all online accounts. It is also important to periodically check your account activity and report any suspicious activity. PayPal has taken the appropriate precautions to secure the impacted accounts and is working with authorities to further examine the incident.