A security incident alert letter has reportedly been sent to thousand so PayPal account holders, suggesting that 35,000 client accounts were compromised in a credential-stuffing attack.

The fintech giant revealed in the said letter earlier this month that the attack occurred between Dec. 6 and 8, 2022. In addition to identifying the problem and taking steps to mitigate it, the company launched an internal investigation to learn how the hackers gained access to the account, GizChina reported.

The widespread password reuse among its customers was to blame for a significant breach of personal data, PayPal said, as per the outlet.

It claimed to have uncovered no proof of a security flaw in its systems or that the user login information was stolen directly from PayPal. More likely, the credentials were obtained through data breaches involving other online businesses.

The company reportedly said the intruders carried out no transactions, but the hackers had access to comprehensive personal information such as full names, dates of birth, postal addresses, social security numbers and unique tax identification numbers.

What Is a Credential-Stuffing Attack?

Attacks involving username and password combinations obtained via data leaks on numerous websites are known as "credential stuffing" attacks. This type of attack uses an automated method, with bots running lists of credentials to "dump" into login sites for multiple services.

Credential stuffing targets people who use the same password for numerous internet accounts, a practice known as "password recycling."

Is Your Account Affected by the Attack?

PayPal ought to have already changed your password if you were a victim of the attack. Additionally, the company has already provided the victims with free identity monitoring from Equifax for two years.

Read more

How Can You Keep Your Account Safe From These Attacks?

Credential stuffing attacks are among the most common forms of cyberattacks, and they can have severe consequences if your account is compromised. Fortunately, you can take a few simple steps to protect your account.

These include using strong passwords and two-factor authentication as well as changing your passwords regularly. Additionally, you should be aware of the common signs of such attacks, such as suspicious activity on your account or strange messages from unknown sources.

Two-factor authentication is an excellent approach to secure your account further and can be found under PayPal's Account Settings menu. If you enable the second verification step, a hacker won't be able to access your account even if they know your password.

Moreover, when creating a new password, use a combination of uppercase and lowercase characters, numbers and symbols to create a strong one.

35000 PayPal accounts breached
Unsplash
PayPal