Last Thursday, PayPal began notifying nearly 35,000 of its customers that their accounts were breached between Dec. 6 and 8. During the two days, PayPal claims that no money was stolen from anyone.
What happened with the PayPal attack?
The hackers were still able to obtain personal and private information, including full names, dates of birth, physical addresses, social security numbers and tax identification numbers. PayPal halted the intrusion within two days, reset the passwords for affected users and said no unauthorized transactions were attempted.
How did the hackers breach these accounts?
PayPal’s internal investigation revealed that the hackers used a method known as credit stuffing to breach the accounts of these victims. Credential stuffing is when hackers use existing credentials already floating around the dark web to hack into private accounts. They use bots with lists of usernames and passwords acquired in previous data breaches and try the credentials at multiple online services with the hope that customers have not recently changed their passwords. This is where those who use the same passwords across multiple different accounts could run into a big problem.
To learn more about how to know if your passwords have been hacked, head over to CyberGuy.com and search “have your passwords been hacked” by clicking the magnifying glass at the top of my website.
What if my PayPal account was hacked?
If you were one of the victims of this PayPal attack, then PayPal should have already reset your password. When you go to make a new password, make sure it is a strong password with capital and lowercase letters, numbers and symbols. The company is also offering victims two years of free identity monitoring from Equifax.
How to protect yourself from hackers in the future
Although PayPal is working hard to help out the victims of this vicious attack, there are steps you can take to ensure that something like this never happens to you.
- Create strong passwords and don’t use the same ones for multiple accounts: you can find out more about creating strong passwords and great password managers here
- Use 2-factor authentication: take advantage of 2-factor authentication for any services you use that offer it. This is one extra step that will keep a hacker out of your private information even if they get their hands on your login credentials.
Were you affected by the PayPal breach? We’d love to hear from you.
For more of my security tips, subscribe to my free CyberGuy Report Newsletter by clicking the “Free newsletter” link at the top of my website.
Copyright 2023 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.