PayPal announces that 35,000 users' accounts were compromised in hack

The online banking company was the victim of a cyber-attack known as "credential stuffing."

PayPal announced that a recent hack affected 34,942 users' accounts. The cyber-attack was reported to the Maine Attorney General's Office on January 18. However, the company reported that the attack occurred sometime between December 6 and December 8, 2022. Known as "credential stuffing," hackers are able to steal the login password if it was used on other websites that were previously attacked.

Zerohedge reported that the California-based payment processor's lawyers alerted the Maine attorney general. The following day, the company also sent a letter to affected users notifying them of the data breach.

Social Security and tax identification numbers

In the letter, PayPal said the full names, date of birth, Social Security numbers, addresses and tax identification numbers of the affected users were leaked: "We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account."

In addition, the company gave victims of this "credential stuffing" a series of recommendations to prevent the personal information collected by PayPal from ending up in a new leak:

If you detect any suspicious activity on an account, change the password and security questions immediately, and promptly notify the company where the account is maintained. You may also add additional security for your PayPal account by enabling ‘2-step verification’ in your Account Settings. When links are present in an email, individuals should hover [their] mouse over the links to view the actual destination URL and should not click on the link if [they] are unsure of the destination URL or website.

Along with this, PayPal assured that the number of hacked users was very small compared to the number of people who frequently use its services. In addition, the firm reported, the attack did not impact its website or its systems:

PayPal’s payment systems were not impacted, and no financial information was accessed. We have contacted affected customers directly to provide guidance on this matter to help them further protect their information. The security and privacy of our customers’ account information [remain] a top priority for PayPal, and we sincerely apologize for any inconvenience this may have caused.