PayPal Breach Reveals Customer Data, Including SSNs | What to Do Next if Your Account Is Hacked?

This instance proves that password reuse is a potential security risk.

PayPal Experiments With More Traditional Banking Services
SAN JOSE, CA - APRIL 09: A sign is posted outside of the PayPal headquarters on April 9, 2018 in San Jose, California. PayPal is looking to offer basic banking services including Federal Deposit Insurance Corp. insurance for customer balances, a debit card and direct-deposit. Justin Sullivan/Getty Images

PayPal acknowledged a security breach last week via a notification sent to affected customers.

About 35,000 PayPal users were notified last Thursday that their accounts had been compromised between December 6 and 8, 2022.

According to the official notification sent to all account holders, the hacks were confirmed on December 20, 2022. They are further reassured that PayPal has no evidence to suggest that their personal information was misused over the 2-day attack or that their account has been used for illicit purposes.

On December 8, 2022, access to the impacted accounts was disabled for anybody who was not allowed to use it.

Basic Knowledge of the Recent Attack

In a report by Fox News, personal details such as names, ages, residences, social security numbers, and even taxpayer ID numbers were still accessible to hackers. Within two days of discovering the breach, PayPal had been shut down, users' passwords had been changed, and no fraudulent transactions had been attempted.

Based on PayPal's investigation, the hackers exploited credit stuffing to access the victims' accounts. When hackers employ stolen or compromised credentials that are already public knowledge on the dark web, they are said to be "credential stuffing."

Users' accounts are tried across a variety of online sites through bots programmed with lists of usernames and passwords obtained in prior data breaches in the hopes that users have not recently updated their passwords.

Password reuse is a potential security risk, especially for people who use the same password for many accounts.

If you're curious about whether or not your credentials have been compromised, according to Fox News, you can get more information on this topic by visiting CyberGuy.com. Search for "have your passwords been hacked" using the magnifying glass in the upper right corner of the page.

'My PayPal Account Was Compromised; Now What?'

For anyone whose accounts were compromised in this hack, PayPal has likely already requested a new password.

Make sure to include a combination of upper and lowercase letters, digits, and special characters in the new password.

As per reports, the victims will also get free identity monitoring services from Equifax for a period of two years.

Future-proofing Your Security Against Cybercriminals

Although PayPal is doing everything it can to assist the victims of this horrible attack, there are measures you may take to protect yourself in the future.

First up, avoid using the same password for several accounts and explore good password managers to help you with the task.

Take advantage of two-factor authentication if the service you are using supports it. If a hacker somehow manages to get your login credentials, this additional precaution will prevent them from accessing your sensitive data.

Craig Lurey, chief technology officer and co-founder of Keeper Security, previously said that this incident should prompt organizations to implement a zero-trust architecture, enable MFA, and demand strong and unique passwords.

Trisha Andrada
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics