December 3, 2023

Last Thursday, PayPal began notifying nearly 35,000 customers that their accounts were compromised between Dec. 6 and Dec. 8. During those two days, PayPal claimed that no one’s money had been stolen.

Click to get KURT’s CYBERGUY newsletter with quick tips, tech reviews, security alerts and simple how-to’s to make you smarter

What happened to the PayPal attack?

Hackers were still able to obtain personal and private information, including full names, dates of birth, physical addresses, Social Security numbers and tax ID numbers. PayPal halted the intrusion within two days, reset passwords for affected users and said no unauthorized transactions were attempted.

PayPal’s internal investigation revealed that hackers used a method called credit stuffing to compromise the accounts of these victims.
(Kurt Knudsen)

How did hackers compromise these accounts?

PayPal’s internal investigation revealed that hackers used a method called credit stuffing to compromise the accounts of these victims. Credential stuffing is when hackers use existing credentials already spread on the dark web to break into private accounts. They use bots with lists of usernames and passwords obtained in previous data breaches and try the credentials across multiple online services, hoping customers haven’t changed their passwords recently. This is where those who use the same password across multiple different accounts can run into big problems.


To learn more about how to know if your password has been hacked, go to and search for “has your password been hacked” by clicking the magnifying glass at the top of my site.

What if my PayPal account has been hacked?

If you were one of the victims of this PayPal attack, PayPal should have reset your password. When you set a new password, make sure it’s a strong password that includes uppercase and lowercase letters, numbers, and symbols. The company also offered victims two years of free Equifax identity monitoring.

How to protect yourself from hackers in the future

While PayPal is working hard to help victims of this malicious attack, there are steps you can take to make sure something like this never happens to you.

  • Create a strong password and don’t use the same password for multiple accounts: You can find out more about creating strong passwords and good password managers here
  • Use 2-factor authentication: Take advantage of two-factor authentication with any service you use that offers it. This is an extra step that prevents hackers from accessing your private information, even if they have your login credentials.

How cash payment app scams scam you out of money

Were you affected by the PayPal vulnerability? We’d love to hear from you.

For more of my security tips, subscribe to my free CyberGuy Reports newsletter by clicking the “Free Newsletter” link at the top of my website.

Click here for the Fox News app

Copyright 2023 all rights reserved. articles and content may contain affiliate links that earn commissions on purchases made.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *