PayPal reportedly suffers a cyberattack and the social security numbers of users were also stolen in the process. Approximately 35,000 users were impacted by the credential-stuffing attack, the company states.
PayPal Reportedly Suffers Cyberattack
The social security number among other personal information of about 35,000 PayPal users were accessed and stolen in a December credential-stuffing attack, the company on a Wednesday regulatory filing stated.
And according to the documents filed with the state of Maine, the reported attack took place between December 6 and December 8 of the previous year and it was then discovered on December 20. Individual tax identifications including social security numbers, addresses, and date of birth may also have been compromised during the attack.
There Is Still No Indication That Any Financial Information Was Stolen
There is still no indication that any financial information was stolen in the process, or that customer accounts were misused, the company said. The payment systems of the company also were not affected.
PayPal’s Statement to CNET
PayPal in a statement released to CNET on Thursday said that it contacted affected customers and then offered guidance on how to protect their personal information further. PayPal also reset the passwords of all of the affected accounts and it is now requiring its users to set up new ones the next time they login to their accounts. The company is also providing impacted users with identity theft monitoring services via Equifax for the next two years.
How PayPal Was Attacked By Cybercriminals
Cybercriminals in a credential-stuffing attack bombarded online accounts with combinations of user names and passwords which was at most times stolen in prior data breaches in an attempt to get access to as many accounts as possible.
This is one huge reason why cybersecurity experts say consumers should always enable two-factor authentication on their systems whenever possible. The security measure however requires a second form of authentication such as a fingerprint or a code sent to the phone of a user, in addition to a password thus protecting a user’s account whenever their password is compromised.
PayPal’s Advice to Affected Users
People in addition to all of this should at all times make use of long unique and random passwords for each of their accounts online as those will be very much less likely to pop up on the lists of passwords that are used in cracking down accounts in credential-stuffing attacks.