Jan 19 – Nearly 35,000 PayPal users are receiving notifications about a credential stuffing attack that exposed personal data.
PayPal states that the attack occurred between December 6th and December 8th of last year. At the time, the company detected and mitigated the event. However, it also started an internal investigation to determine precisely how cyber criminals had broken into users’ accounts.
Several weeks later, PayPal confirmed that unauthorized parties managed to log into accounts with valid credentials.
According to PayPal, a breach did not occur on its systems. The company does not have any evidence showing that credentials were obtained from PayPal’s private collection of data.
What is a credential stuffing attack?
A credential stuffing attack occurs when cyber criminals attempt to break into accounts by testing out stolen passwords sourced from around the dark web.
Credential stuffing attacks target people who use the same exact passwords for multiple accounts.
For example, if cyber criminals see that an individual has used the password ‘Ilovemygoldenretriever’ for an Amazon account, the cyber criminal will also test the same password against other accounts (Facebook, Paypal…etc) to see if they can gain illicit access.
PayPal credential stuffing: Attack impact
PayPal says that connected credit or debt card details were made plain to cyber criminals. Affected individuals may wish to replace bank cards connected to accounts.
In spite of this, PayPal states that attackers did not manage to perform any transactions from the breached PayPal accounts.
The company has no information indicating that personal information was misused. However, exposed credit card details hypothetically could be sold on the dark web.
Affected users are due to receive free identity monitoring services from Equifax for the next two years.
PayPal recommends that recipients of the notification change the passwords for other online accounts. In addition, PayPal recommends that users activate two-factor authentication protection from their ‘Account Settings’ menu.