PayPal has been hacked with thousands affected - Is your account safe?
Thousands of PayPal accounts have been hacked, according to a notice of security incident released by the multinational payment platform on January 18th. What does this mean for account holders? What information did these cybercriminals get access to? What should PayPal account holders do next?
According to the report released by PayPal, hackers managed to gain unauthorized access to at least 34,942 accounts. The attack was launched between December 6 and 8, 2022. The cybercriminals used a credential-stuffing attack to gain access to these accounts.
A credential-stuffing attack uses automation to try credentials that were exposed at other services against a different site's login. This means that anyone using the same password across multiple accounts has a higher chance of being caught in this attack. It also means that if you fall victim, you should check your other accounts as well, as chances are one of them has also been breached.
Despite the security features that PayPal has in place, users who reuse passwords across multiple platforms create a vulnerability in the payment system's defenses. This can then easily be exploited using a credential-stuffing attack.
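On the defending side, credential stuffing leaves a recognizable shape in login logs: one source touching many different accounts, about one try each, nearly all failing. The sketch below is an added example, not code from PayPal or from this article; the event fields, sample events and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, login_succeeded)
EVENTS = (
    # 203.0.113.7: one try each against many accounts, almost all failing
    [(1000 + i, "203.0.113.7", f"user{i:02d}", i == 17) for i in range(40)]
    # 198.51.100.9: many tries against a single account (brute force, not stuffing)
    + [(1000 + i, "198.51.100.9", "alice", False) for i in range(40)]
    # 192.0.2.15: ordinary user who mistypes once, then logs in
    + [(1005, "192.0.2.15", "bob", False), (1012, "192.0.2.15", "bob", True)]
)

def find_stuffing_sources(events, window=300, min_accounts=20,
                          max_tries_per_account=2.0, min_fail_ratio=0.9):
    """Return {source_ip: stats} for sources whose traffic looks like credential stuffing.

    Thresholds are assumed starting points, not values from the article.
    """
    # Group attempts per source into fixed time windows (a burst that straddles
    # a window boundary is split, so production code would use a sliding window).
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[(ip, ts // window)].append((user, ok))

    flagged = {}
    for (ip, _), attempts in buckets.items():
        accounts = {user for user, _ in attempts}
        fail_ratio = sum(1 for _, ok in attempts if not ok) / len(attempts)
        tries_per_account = len(attempts) / len(accounts)
        # Stuffing: wide across accounts, shallow per account, mostly failing.
        if (len(accounts) >= min_accounts
                and tries_per_account <= max_tries_per_account
                and fail_ratio >= min_fail_ratio):
            flagged[ip] = {
                "accounts": len(accounts),
                "fail_ratio": round(fail_ratio, 3),
                # Logins that succeeded inside the burst: accounts to reset and review
                "compromised": sorted(u for u, ok in attempts if ok),
            }
    return flagged

if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(EVENTS).items():
        print(ip, stats)
```

The few successful logins inside a flagged burst matter most, since those are the accounts whose reused password worked.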
In response to this attack, PayPal has already sent an official notification to all affected users. This notification clarifies the details of the attack. The notification went on to explain to users that at this point, there’s no evidence indicating that account information was misused or that any transactions were made from affected accounts. PayPal has also revoked all third-party access to the affected accounts.
However, it should be noted that these criminals did have access to personal information. This information includes name, address, Social Security number, individual tax identification number, and date of birth - everything a cybercriminal could need for identity fraud and theft.
Taking responsibility for the potential harm this hack could cause, PayPal is offering all affected account holders two years of free access to identity monitoring services from Equifax.
Customers who have received this notification are urged to make use of the identity monitoring services. It’s also recommended that these users immediately change the passwords of all of their accounts and, wherever possible, enable two-factor authentication.
Account users who haven’t received a notification are unaffected by this most recent credential-stuffing attack. However, users are urged to change their passwords if they use the same password across multiple accounts to prevent any future issues of this nature. If you’re concerned about keeping track of multiple different passwords, a password manager like 1Password or Bitwarden makes this a painless exercise.
This latest hack proves how important it is to use strong and unique passwords for your accounts. In this case, the hack affected users who have re-used passwords across multiple accounts. This could’ve been avoided had users used unique, strong passwords. Hopefully, PayPal will also take additional steps in its security protocols to better protect against these types of attacks in the future.