PayPal Confirms Data Breach In a Massive Stuffing Attack
According to the PayPal notification of the security incident, an unauthorized party tried to access nearly 35, 000 PayPal user accounts. PayPal’s servers were not hacked; in fact, the reason for hacking was a ‘credential stuffing attack’ meaning that the attackers used a list of stolen usernames and passwords to try and gain access to these accounts, and were successful in accessing some of them.
This took place from December 6 to December 8, 2022. PayPal detected and mitigated it at moment. An internal investigation was launched to determine how the hackers gained access to the accounts.
Within two days, the hackers had access to account holders' full names, dates of birth, mailing addresses, individual tax identification numbers, and social security numbers.
As of December...