![]() PayPal further confirmed that the attackers did not attempt or manage to perform any transactions from the breached accounts. Impacted users will receive a free, two-year identity monitoring service from Equifax. PayPal claims to have taken quick action to limit the hackers’ access to the platform by resetting the passwords of all the affected accounts. While unauthorized third parties had access to the accounts, they could view the following information about the account holders:Īccording to Bleeping Computer’s report, transaction histories, connected credit or debit card details, and PayPal invoicing data are all accessible through the accounts, as well. Users who employ the same password for multiple online accounts, known as password recycling, are most prone to credential-stuffing attacks.Īccording to the data breach notification by PayPal, 34,942 users have been affected by the incident. With the help of bots, lists of credentials are inserted into login portals for various services. The hackers were able to access the accounts by using credential stuffing, whereby pairs of usernames and passwords sourced from data leaks are tried on various websites. At this point, they confirmed that the hackers had gained unauthorized access to the accounts using valid credentials. The company was able to detect and mitigate the attack as soon as it occurred, but the conclusive investigation was not finished until December 20th, 2022. ![]() On Thursday, January 19th, 2023, PayPal began contacting nearly 35,000 users with a data breach notification, explaining that their accounts had been hacked between December 6th and 8th, 2022. PayPal claims that this was not a result of a breach in its systems, since no evidence suggests that the user credentials were obtained directly from them.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |