"PayPal Breach Exposed PII of Nearly 35K Accounts"

Nearly 35,000 PayPal user accounts were compromised in a recent credential stuffing attack, exposing personal information that could be used to fuel future attacks. PayPal's breach disclosed that the attack began on December 6, 2022, and continued until it was discovered on December 20, 2022. The names, addresses, Social Security numbers, tax identification numbers, and/or birth dates of 34,942 people were compromised. According to PayPal, there is no evidence that any personal information was abused as a result of this incident, nor is there evidence of any unauthorized account transactions. The company also stated that there is no evidence that login credentials were obtained from any PayPal systems. This article continues to discuss the credential stuffing attack on PayPal, the stolen credential ecosystem, and password reuse remaining a major security problem.

Dark Reading reports "PayPal Breach Exposed PII of Nearly 35K Accounts"

Submitted by Anonymous on