1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • PayPal confirms data breach, sends warning emails to users

    From TechnologyDaily@1337:1/100 to All on Fri Jan 20 13:15:03 2023
    PayPal confirms data breach, sends warning emails to users

    Date:
    Fri, 20 Jan 2023 13:06:51 +0000

    Description:
    Thousands of PayPal users affected in what appears to be a credential
    stuffing attack.

    FULL STORY ======================================================================

    PayPal has issued a warning to some of its customers that their accounts have been breached, and some sensitive data compromised.

    In its report , the company confirmed that on December 20, 2022, an unauthorized third-party accessing a number of PayPal accounts. Further investigation uncovered that whoever was behind the attack, accessed the accounts between December 6 and December 8, 2022.

    During this time, the unauthorized third parties were able to view, and potentially acquire, some personal information for certain PayPal users, the warning reads. That data includes users names, addresses, Social Security numbers, individual tax identification numbers, and/or dates of birth. No evidence of misuse

    PayPal did not explain exactly how the attackers managed to access these accounts, other than stating that there is no evidence the login credentials were taken from the companys systems.

    BleepingComputer reports that the breach is the result of credential stuffing, a type of attack in which hackers stuff the login page with
    numerous credentials taken elsewhere until one eventually works.

    This method relies on people using the same passwords across multiple
    services so that if one gets breached, all are at risk. The same report also claims 34,942 accounts were compromised, and that transaction histories, connected credit or debit card details, and PayPal invoicing data were also likely accessed. Read more

    PayPal is doing away with passwords for some users


    PayPal closes off popular loophole in business payments system


    Check out the best firewalls right now

    What the hackers will do with the data obtained in the attack remains to be seen. At the moment, PayPal does not have any evidence the data was misused, but its safe to assume it will be used in identity theft , phishing, or other forms of social engineering attacks.

    To protect its users, PayPal reset the passwords for the affected users, and enhanced security controls requiring users to set up a new account on their next login. Also, the users were given one year free identity monitoring services through Equifax. Here's our list of the best endpoint protection services around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/paypal-confirms-data-breach-sends-warning-email s-to-users


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)