The company notifies 34942 PayPal customers that their accounts have been compromised due to a credential stuffing attack.
PayPal alerts victims of data breaches with their personal information, including Social Security and tax identification numbers, that hackers have accessed. They also notified Maine’s Attorney General about the security issue, which impacted 34,942 users.
The hackers used a method known as “credential stuffing,” in which they successfully guess login passwords by injecting login credentials from previous data breaches.
The breach occurred last month, between December 6 and 8, before PayPal started blocking the hackers’ access. Fortunately, the hackers were unable to conduct any fraudulent activity on the impacted accounts, but they did get access to personally identifiable information, which may be used in other sorts of attacks.
“The personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth,” PayPal wrote on the notification that was sent.
“PayPal’s payment systems were not impacted, and no financial information was accessed,” a company spokesperson said. “We have contacted affected customers directly to provide guidance on this matter to help them further protect their information. The security and privacy of our customers’ account information remains a top priority for PayPal, and we sincerely apologize for any inconvenience this may have caused.”
Furthermore, victims should be watchful against other potential cyberattacks since hackers may utilize them for other types of fraudulent activity.