PayPal confirms data breach, sends warning emails to users

Tens of thousands of PayPal users affected

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

PayPal has issued a warning to some of its customers that their accounts have been breached, and some sensitive data compromised.

In itsreport, the company confirmed that on December 20, 2022, an unauthorized third-party accessing a number of PayPal accounts. Further investigation uncovered that whoever was behind the attack, accessed the accounts between December 6 and December 8, 2022.

“During this time, the unauthorized third parties were able to view, and potentially acquire, some personal information for certain PayPal users,” the warning reads. That data includes users’ names, addresses, Social Security numbers, individual tax identification numbers, and/or dates of birth.

TechRadar Pro needs you!We want to build a better website for our readers, and we need your help! You can do your bit by filling outour surveyand telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.

D. Athow, Managing Editor

No evidence of misuse

PayPal did not explain exactly how the attackers managed to access these accounts, other than stating that there is “no evidence” the login credentials were taken from the company’s systems.

BleepingComputerreports that the breach is the result of credential stuffing, a type of attack in which hackers “stuff” the login page with numerous credentials taken elsewhere until one eventually works.

This method relies on people using the same passwords across multiple services so that if one gets breached, all are at risk. The same report also claims 34,942 accounts were compromised, and that transaction histories, connected credit or debit card details, and PayPal invoicing data were also likely accessed.

PayPal is doing away with passwords for some users>PayPal closes off popular loophole in business payments system>Check out the best firewalls right now

What the hackers will do with the data obtained in the attack remains to be seen. At the moment, PayPal does not have any evidence the data was misused, but it’s safe to assume it will be used inidentity theft, phishing, or other forms of social engineering attacks.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

To protect its users, PayPal reset the passwords for the affected users, and “enhanced security controls” requiring users to set up a new account on their next login. Also, the users were given one year free identity monitoring services through Equifax.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Rising AI threats are making firms turn back to human intelligence

Thousands of employees could be falling victim to obvious phishing scams every month

I’m a vacuum cleaner expert, and this $150 Roomba deal is my early Black Friday must-buy