Social security numbers were reportedly stolen in a cyberattack targeted at PayPal. Close to 35,000 PayPal users were impacted by the credential stuffing attack according to the company.
Social Security Numbers Reportedly Stolen In Cyberattack Targeted At PayPal
The company on a Wednesday regulatory filing aid that the social security numbers and other personal information of about 35,000 PayPal users were stolen in a credential stuffing attack back in December.
And according to documents filed with the state of Maine, the attack took place between December 6 and December 8 of the previous year and was spotted on December 20. And in addition to social security numbers, dates of birth, addresses, usernames, and individual tax identification numbers may also have been affected and compromised.
There however is no indication that any sort of financial information was lost or stolen, or that any customer accounts were misused, PayPal stated. The payment systems of the firm also were not affected.
PayPal’s Statement to CNET
In a statement released on Thursday to CNET, PayPal stated that it has made contact with affected customers and then offered guidance on how to protect their personal information further. The company also rests the passwords of all the affected accounts and it is also requiring all of their users to set new ones the next time that they log in to their accounts. The firm is also providing affected users with identity theft monitoring services via Equifax for the next two years.
Cybercriminals Bombarded Online PayPal Accounts with Combinations of Passwords and User Names
Cybercriminals in a credential stuffing attack bombarded online PayPal accounts with combinations of passwords and user names, which often were stolen in data breaches prior to the time in an attempt to get access to as many accounts as they could.
What Users Should Do After the Attacks?
This is one very important reason cybersecurity experts have advised consumers always to enable two-factor authentication whenever they can, the security measures in question require a second form of authentication such as fingerprint or a code that is sent to the phone of a user, in addition to a password, thus protecting a user’s in case their password is ever compromised.
People in addition to the above should make use of long passwords, and the passwords should also be unique and random in regard to each of their accounts online, those types of passwords will be less likely to pop up on the lists of passwords that are used to crack accounts in credential stuffing attacks.
