PayPal has reported a data leak to the Maine Attorney General’s Office. Attackers would have tested access data and gained access to accounts.
PayPal has reported an unauthorized personally identifiable information (PII) leak to the Maine Attorney General’s Office. Attackers would have tested numerous access data in a credential stuffing attack – and were successful in many cases.
Paypal: Unauthorized access to personal information
According to the ad that was set up, unauthorized third parties would have access to the customers’ names, addresses, social security numbers, tax identification numbers, and dates of birth. PayPal has now sent a notification to customers affected by the incident to inform them of the data leak.
According to media reports, the Paypal attack was discovered on December 20 last year, in which the cybercriminals were able to gain unauthorized access to certain customer accounts with their access data. The investigation that was initiated revealed that the affected accounts were accessed between December 6th and 8th. PayPal found that the attackers could access and potentially steal personal information.
The cybercriminals were apparently able to access around 35,000 customer accounts. Not all of the aforementioned personal data were accessible for all affected customers. The notifications to affected customers from Wednesday of this week. There the company explains that it has no information “that indicates that your personal data was misused as a result of this incident or that there were unauthorized transactions on your account.”
Thus, the affected Paypal customers may have had luck in their misfortune. After logging in, it is usually easy to send at least small sums via Paypal. PayPal claims to have reset the passwords of successfully compromised accounts and implemented advanced security checks. The company also offers data subjects the opportunity to use Equifax identity monitoring.