PayPal admits hacker attack exposed customer’s confidential information

Last Thursday, PayPal began notifying nearly 35,000 of its customers that their accounts were breached between December 6 and 8. During the two days, PayPal claims that no money was stolen from anyone.

What happened with the PayPal attack?

The hackers were still able to obtain personal and private information, including full names, dates of birth, physical addresses, social security numbers, and tax identification numbers.  PayPal halted the intrusion within two days, reset the passwords for affected users, and said no unauthorized transactions were attempted.

How did the hackers breach these accounts?

PayPal’s internal investigation revealed that the hackers used a method known as credit stuffing to breach the accounts of these victims. Credential stuffing is when hackers use existing credentials already floating around the dark web to hack into private accounts. They use bots with lists of usernames and passwords acquired in previous data breaches and try the credentials at multiple online services with the hope that customers haven’t recently changed their passwords. This is where those who use the same passwords across multiple different accounts could run into a big problem. To learn more about how to know if your passwords have been hacked, click here.

What if my PayPal account was hacked?

If you were one of the victims of this PayPal attack, then PayPal should have already reset your password. When you go to make a new password, make sure it is a strong password with capital and lowercase letters, numbers, and symbols. The company is also offering victims 2 free years of free identity monitoring from Equifax.

How to protect yourself from hackers in the future

Although PayPal is working hard to help out the victims of this vicious attack, there are steps you can take to ensure that something like this never happens to you.

  • Create strong passwords and don’t use the same ones for multiple accounts: you can find out more about creating strong passwords and great password managers here
  • Use 2-factor authentication: take advantage of 2-factor authentication for any services you use that offer it. This is one extra step that will keep a hacker out of your private information even if they get their hands on your login credentials

Were you affected by the PayPal breach? We’d love to hear from you.

Related:

 

Related posts

Understanding brushing scams and how to protect yourself

From TikTok to trouble: How your online data can be weaponized against you

Massive data breach at federal credit union exposes 240,000 members