A data breach at PayPal was recently discovered, potentially affecting millions of users. On 20 December 2022, PayPal confirmed that they had discovered a data breach affecting user accounts. The company stated that the incident occurred due to a large-scale credential stuffing attack. Credential stuffing is a type of cyber attack in which hackers use lists of stolen usernames and password combinations to gain unauthorized access to accounts on various websites.
The information that was potentially accessed includes customer names, email addresses, phone numbers, birthdates, social security numbers, and individual tax identification numbers. There is also a risk that threat actors may access users’ transaction histories, linked credit or debit card details, and PayPal billing data from their PayPal accounts.
PayPal has advised affected customers to change their passwords and monitor their account activity for any suspicious activity. The company has also stated that it will be providing free credit monitoring and identity protection services to impacted customers. If you believe your account may have been affected by the PayPal data breach, it’s essential to take immediate action to protect yourself. Here are some steps to take:
- Change your PayPal password immediately
- Monitor your account activity for any suspicious activity
- Consider setting up two-factor authentication (2FA) for added security
- Check your credit report and monitor for any unauthorized activity
- Be wary of any phishing attempts or unsolicited phone calls or emails
PayPal has assured customers that they are taking all necessary steps to prevent future incidents and protect customer information. In the meantime, it’s important to take the necessary precautions to protect yourself and your information.