Hackers used a credential-stuffing attack to steal personal information from 35,000 PayPal users. According to the report on the Maine.gov website, the attack appears to have taken place between December 6th and 8th but was discovered later on December 20th. The stolen information included Social Security numbers, usernames, addresses, dates of birth, and individual tax identification numbers.
PayPal was quick to send a notification assuring its stakeholders that financial information was not stolen and customer accounts were not misused. To all those affected, PayPal is offering free identity theft monitoring services through Equifax for two years.
PayPal reached out to affected customers and offered guidance on how to protect their personal information. To ensure the safety of these accounts, PayPal also reset the passwords and required customers to create new ones when they log in.
In a credential-stuffing attack, a hacker uses stolen usernames and passwords to gain unauthorized access to multiple online accounts. The attacker automates the process by submitting the stolen credentials to login forms on various websites. These attacks are dangerous because they can go undetected for long periods of time and target many victims at once.
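On the service side, the pattern described above shows up in authentication logs as one source trying many different usernames, with most attempts failing. The sketch below is an added example, not code from PayPal or the report; the log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): "<ISO time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2024-01-01T10:00:01 203.0.113.7 alice FAIL
2024-01-01T10:00:02 203.0.113.7 bob FAIL
2024-01-01T10:00:03 203.0.113.7 carol OK
2024-01-01T10:00:04 203.0.113.7 dave FAIL
2024-01-01T10:00:05 203.0.113.7 erin FAIL
2024-01-01T10:00:06 203.0.113.7 frank FAIL
2024-01-01T10:01:00 198.51.100.4 grace FAIL
2024-01-01T10:01:45 198.51.100.4 grace OK
2024-01-01T10:05:00 192.0.2.10 heidi OK
"""

def parse(log):
    """Yield (time, ip, user, ok) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2], parts[3] == "OK"

def detect_stuffing(log, window=timedelta(minutes=10), min_users=5, min_fail_ratio=0.8):
    """Return {ip: [users with a successful login]}; thresholds are illustrative."""
    by_ip = defaultdict(list)
    for event in sorted(parse(log)):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            recent = events[start:end + 1]
            users = {e[2] for e in recent}
            fails = sum(1 for e in recent if not e[3])
            if len(users) >= min_users and fails / len(recent) >= min_fail_ratio:
                # Successful logins from a flagged source are the accounts to reset.
                flagged[ip] = sorted({e[2] for e in events if e[3]})
                break
    return flagged

print(detect_stuffing(SAMPLE_LOG))
```

A user who mistypes a password a few times (the `grace` lines) is not flagged, because the check counts distinct usernames per source rather than raw failures.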
To keep your accounts safe, we highly advise that you do the following:
Use strong and unique passwords: Make sure to use strong and unique passwords for all of your online accounts. Avoid using the same password for multiple accounts, and avoid using personal information, such as your name or date of birth, in your passwords.
Enable two-factor authentication: Many online services offer two-factor authentication, which adds an additional layer of security to your account. This typically involves providing a second factor, such as a code sent to your phone, in addition to your password.