PayPal is the latest company to suffer a massive cybersecurity breach, confirming a large-scale “credential stuffing” attack took place last month, with personal data compromised.
Credential stuffing attacks involve hackers attempting to access an account by using usernames and password gleamed from a previously third party hack.
The attack on PayPal compromised close to 35,000 accounts, so it wasn’t dire as recent Australian hacks, but the company has reset user passwords, and sent recommendations to those it believes were compromised by the attack.
“We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorised transactions on your account,” PayPal told users.
“There is also no evidence that your login credentials were obtained from any PayPal systems. Based on PayPal’s investigation to date, we believe that this unauthorised activity occurred between December 6, 2022, and December 8, 2022, when we eliminated access for unauthorised third parties.”
During that window, hackers were able to view, “and potentially acquire” sensitive information, including users’ name, address, Social Security number, individual tax identification number, and/or date of birth.
It is unknown how Australian account holders have been impacted by this breach.
