PayPal issued an alert to a group of its customers about the status of their accounts, specifically regarding a security breach. As they recognized from the American virtual wallet, cyber attackers hacked profiles and some sensitive data has been compromised.
The company confirmed that an unauthorized third party gained access to several PayPal accounts on December 20, 2022. According to the first investigations, they discovered that the person responsible for the attack managed to enter between 6 and 8 December 2022.
“During this time, unauthorized third parties were able to view and potentially acquire certain personal information for certain PayPal users,” the notice reads. Such data includes usernames, addresses, US Social Security numbers, individual tax code and/or date of birth.
From the virtual wallet they have not yet explained exactly how the attackers managed to access these accounts, other than stating that “there is no evidence” that the access credentials have been taken from the company systems.
How the cyber attack against PayPal was perpetrated
The specialized site BleepingComputer reported that the violation is the result of credential stuffing, a type of attack in which hackers “fill” the login page with numerous keys taken elsewhere. until one finally works.
This method is based on people who use the same passwords across multiple servicesso that if one is breached, all others are at risk.
The same report also states that 34,942 accounts have been compromised and that you probably also had access to your transaction history, linked credit or debit card details and billing information stored by PayPal.
There is currently no indication of what the hackers will do with the data obtained in the attack. At present, PayPal has no evidence that the data has been used, but it is safe to assume that it could be used by cybercriminals for hacking attacks. phishing or spoofing, as well as other forms of social engineering attacks.
To protect its users, PayPal says it has reset affected users’ passwords and “enhanced security checks” that require them to create a new account the next time they log in.
Additionally, as compensation, users received one year of free identity tracking services through Equifax, a US credit company.
To do
On the other hand, the company recommends that the recipients of the alerts change passwords using a unique and long chain, more robust, to avoid new accidents. Typically, a good password is at least 12 characters long and includes alphanumeric characters and symbols.
Also, PayPal recommended it turn on two-factor authentication protection from the “Account settings” menu, which can be prevent an unauthorized user from accessing an account, even if they have a valid username and password.
Source: Clarin
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.