© Kurt Knutsson
Last Thursday, PayPal began notifying nearly 35,000 of its customers that their accounts were breached between Dec. 6 and 8. During the two days, PayPal claims that no money was stolen from anyone.
The hackers were still able to obtain personal and private information, including full names, dates of birth, physical addresses, social security numbers and tax identification numbers. PayPal halted the intrusion within two days, reset the passwords for affected users and said no unauthorized transactions were attempted.
PayPal’s internal investigation revealed that the hackers used a method known as credit stuffing to breach the accounts of these victims. Credential stuffing is when hackers use existing credentials already floating around the dark web to hack into private accounts. They use bots with lists of usernames and passwords acquired in previous data breaches and try the credentials at multiple online services with the hope that customers have not recently changed their passwords. This is where those who use the same passwords across multiple different accounts could run into a big problem.
If you were one of the victims of this PayPal attack, then PayPal should have already reset your password. When you go to make a new password, make sure it is a strong password with capital and lowercase letters, numbers and symbols. The company is also offering victims two years of free identity monitoring from Equifax.
There are steps you can take to ensure that something like this never happens to you.
- Create strong passwords and don’t use the same ones for multiple accounts: you can find out more about creating strong passwords and great password managers
- Use 2-factor authentication: take advantage of 2-factor authentication for any services you use that offer it. This is one extra step that will keep a hacker out of your private information even if they get their hands on your login credentials.
Copyright 2023 CyberGuy.com.
