PayPal acknowledged a security breach last week via a notification sent to affected customers.
About 35,000 PayPal users were notified last Thursday that their accounts had been compromised between December 6 and 8, 2022.
According to the official notification sent to all account holders, the hacks were confirmed on December 20, 2022. They are further reassured that PayPal has no evidence to suggest that their personal information was misused over the 2-day attack or that their account has been used for illicit purposes.
On December 8, 2022, access to the impacted accounts was disabled for anybody who was not allowed to use it.
Basic Knowledge of the Recent Attack
In a report by Fox News, personal details such as names, ages, residences, social security numbers, and even taxpayer ID numbers were still accessible to hackers. Within two days of discovering the breach, PayPal had been shut down, users' passwords had been changed, and no fraudulent transactions had been attempted.
Based on PayPal's investigation, the hackers exploited credit stuffing to access the victims' accounts. When hackers employ stolen or compromised credentials that are already public knowledge on the dark web, they are said to be "credential stuffing."
Users' accounts are tried across a variety of online sites through bots programmed with lists of usernames and passwords obtained in prior data breaches in the hopes that users have not recently updated their passwords.
Password reuse is a potential security risk, especially for people who use the same password for many accounts.
If you're curious about whether or not your credentials have been compromised, according to Fox News, you can get more information on this topic by visiting CyberGuy.com. Search for "have your passwords been hacked" using the magnifying glass in the upper right corner of the page.
Also Read : MailChimp Reports a Data Breach Incident
'My PayPal Account Was Compromised; Now What?'
For anyone whose accounts were compromised in this hack, PayPal has likely already requested a new password.
Make sure to include a combination of upper and lowercase letters, digits, and special characters in the new password.
As per reports, the victims will also get free identity monitoring services from Equifax for a period of two years.
Future-proofing Your Security Against Cybercriminals
Although PayPal is doing everything it can to assist the victims of this horrible attack, there are measures you may take to protect yourself in the future.
First up, avoid using the same password for several accounts and explore good password managers to help you with the task.
Take advantage of two-factor authentication if the service you are using supports it. If a hacker somehow manages to get your login credentials, this additional precaution will prevent them from accessing your sensitive data.
Craig Lurey, chief technology officer and co-founder of Keeper Security, previously said that this incident should prompt organizations to implement a zero-trust architecture, enable MFA, and demand strong and unique passwords.