A major security breach has affected 35,000 PayPal accounts, resulting in the theft of personal information.
The alerting aspect of this breach is that PayPal's software was not hacked. The issue of stolen data stems from "credential stuffing." Credential stuffing is a cyber-attack that leverages previously leaked login information to access new accounts. In this case, customers reused login information leaked in other data breaches, making their PayPal accounts vulnerable to attack.
What information was stolen?
In two days, hackers stole the following data:
- Full names
- Social Security Numbers
- Addresses
- Individual tax identification numbers
- Pay Pal invoicing data
As soon as PayPal became aware of the security breach, they immediately reset users' login credentials and ensured no transactions were made to their accounts. According to PCWorld, PayPal also provided affected users with two years of free credit monitoring to help protect their personal information. PayPal is also working to prevent similar attacks from happening in the future.
What can people do to avoid experiencing this problem themselves?
For someone who uses online financial services, it is important to protect yourself from similar attacks. You can do this by:
- Using a unique password for each online account
- Enabling two-factor authentication
- Monitoring your financial accounts regularly for any suspicious activity
- Be cautious when clicking on links or downloading attachments in emails, especially if they seem suspicious
You may assist in safeguarding your data and avert falling victim to a similar attack by following these procedures. Make sure that you are cautious and secure!
The Infiniwiz technical team in the Chicago area takes a proactive approach to your cybersecurity. We set up the proper IT protocols and help you implement them to keep your data and network safe from online hackers. Stay alert.