Advertisement Banner
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Cyber News

PayPal notifies 34942 users of data breachSecurity Affairs

admin by admin
January 20, 2023
in Cyber News


PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks.

PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8. The company added that the unauthorized accessed were the result of credential stuffing attacks and that its systems were not breached.

The company is sending out breach notification letters to the impacted customers, threat actors had access to names, addresses, Social Security Numbers, individual tax identification numbers, dates of birth for PayPal users, and of course transaction histories.

“On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials. We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account. There is also no evidence that your login credentials were obtained from any PayPal systems.” reads the letter sent by the company to the affected customers. “Based on PayPal’s investigation to date, we believe that this unauthorized activity occurred between December 6, 2022, and December 8, 2022, when we eliminated access for unauthorized third parties. During this time, the unauthorized third parties were able to view, and potentially acquire, some personal information for certain PayPal users.”

The company added that has not delayed the notification as a result of any law enforcement investigation.

What is credential stuffing?

“Credential stuffing is a type of attack in which hackers use automation and lists of compromised usernames and passwords to defeat authentication and authorization mechanisms, with the end goal of account takeover (ATO) and/or data exfiltration.” In other words, bad actors glean lists of breached usernames and passwords and run them against desired logins until they find some that work. Then, they enter those accounts for the purpose of abusing permissions, siphoning out data, or both. 

PayPal reset the passwords of the affected accounts and will force impacted users to create new password the next time they log in to their account. 

The financial technology company is offering two years of Equifax identity monitoring services to the impacted customers, that include fraud alerts and up to $1 million of identity theft insurance coverage for a specific list of out-of-pocket expenses resulting from identity theft.

Alon Gal, Ceo at Hudson Rock warns that over one million of PayPal credentials are available in the cybercrime underground, explaining that they were obtained using info-stealer infections.

“tbh 35,000 is peanuts, Hudson Rock info-stealers data indicates they have over 1,350,000 users credentials that are in the hands of hackers, with more getting added every day (not to mention some compromised PayPal employees as well).” said Gal. “Database leaks credentials stuffing is so passé, today hackers use credentials from compromised computers.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, credential stuffing)



Share On






Source link

Previous Post

Vijender Singh seeks CBI probe into wrestlers’ allegations –

Next Post

As US, China Fight Over Bangladesh, India Is the Real Winner – The Diplomat

Next Post

As US, China Fight Over Bangladesh, India Is the Real Winner – The Diplomat

Recommended

CENTCOM Conducted 313 Operations Against ISIS in Iraq and Syria in 2022

1 month ago

Bitcoin, Ether weaken; Litecoin leads declines across top 10 cryptos

2 months ago

© 2022 Law Enforcement News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Cyber News
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact

© 2022 Law Enforcement News Hubb All rights reserved.