3.3 C
London
Sunday, February 5, 2023
HomePayPal Hack Exposes Customer Names, Social Security Numbers
Array

PayPal Hack Exposes Customer Names, Social Security Numbers

Date:

Related stories

Fake Meat Fail: Sales Collapse At Beyond Meat, Impossible Foods As 20% Of Staff Laid Off

Fake Meat Fail: Sales Collapse At Beyond Meat, Impossible Foods As 20% Of Staff Laid Off The fake meat industry appears to be in a death-spiral as sales at plant-based 'meat' companies Impossible Foods and Beyond Meat have imploded. As ...

Update To ‘Sims’ Video Game Features Teen Trans Characters With Chestbinders, Breast Removal Scars

Update To 'Sims' Video Game Features Teen Trans Characters With Chestbinders, Breast Removal Scars Authored by Steve Watson via Summit News, A new update to the popular “Sims” video game, where the player controls communities of simulated...

EU’s Nat Gas Cuts Likely To Spill Into Next Year

Europe is nearing the end of winter with record-high levels of natural gas in storage—news that has been appropriately celebrated in the media. Yet declarations that the crisis is over appear to have been premature. Because even with this record gas in...

A Return To ‘Head-Smacking Craziness’? Hedge Fund Billionaire Singer Warns ‘Bear Market Is Not Over Yet’

A Return To 'Head-Smacking Craziness'? Hedge Fund Billionaire Singer Warns 'Bear Market Is Not Over Yet' "Central bankers think they are the masters of the universe because the world is looking to them (and only them) to deliver continuou...

The Long-Term Negative Effects Of ESG Will Be Catastrophic

The Long-Term Negative Effects Of ESG Will Be Catastrophic Authored by Tom Czitron via The Epoch Times, Environmental, social, and governance (ESG) has been a hotly debated topic over the last few years. The seemingly unquestioned march t...
PayPal Hack Exposes Customer Names, Social Security Numbers

Authored by Jack Phillips via The Epoch Times (emphasis ours),

Some 35,000 PayPal user accounts have been hacked by “credential stuffing,” resulting in exposed names and Social Security numbers, according to a notification posted on a government website.

Signage outside PayPal headquarters in San Jose, Calif. (Jeff Chiu/AP Photo)

Through its lawyers, the California-based payment processor sent a notice to Maine’s attorney general. The company also sent a letter, dated Jan. 19, about the data breach to impacted users.

That letter said that the accounts were breached sometime between Dec. 6 and Dec. 8, 2022. The company said that it was able to deal with the attack soon after it occurred, according to the letter.

The notification to users said (pdf) that 34,942 users were impacted by the incident and that unauthorized third parties gained access to their accounts. Those third parties, which were not identified, could view full names, dates of birth, Social Security numbers, addresses, and tax identification numbers.

We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account,” said PayPal’s letter.

Specifically, the hackers used a “credential stuffing” attack that involves automatically injecting login credentials that were found during previous data breaches.

“If you detect any suspicious activity on an account, change the password and security questions immediately, and promptly notify the company where the account is maintained,” PayPal said. “You may also add additional security for your PayPal account by enabling ‘2-step verification’ in your Account Settings. When links are present in an email, individuals should hover [their] mouse over the links to view the actual destination URL and should not click on the link if [they] are unsure of the destination URL or website.”

Furthermore, the company said it has reset passwords on the afflicted PayPal accounts. Impacted users will also get free identity monitoring services from Equifax, the consumer credit reporting company.

In a statement to PCMag, the company maintained that it was only a “small number of PayPal customer accounts” that were impacted by the breach. The Epoch Times has contacted PayPal for comment. It noted that neither its website nor its systems were hacked.

PayPal’s payment systems were not impacted, and no financial information was accessed,” the firm said. “We have contacted affected customers directly to provide guidance on this matter to help them further protect their information. The security and privacy of our customers’ account information [remain] a top priority for PayPal, and we sincerely apologize for any inconvenience this may have caused.”

More Details

Sam Curry, the chief security officer at Cybereason, told Forbes magazine that what happened was that previous hacks “led to a large population’s passwords in use elsewhere being stolen, and because people often reuse passwords and have done so for a long time.” Elaborating, he added that “the hackers were able to brute slam PayPal accounts with these until they found 35,000 matches.”

If a threat actor can access legitimate credentials–even if they’re dumped in a dark-web repository–they are only a few short, and in most cases, automated steps away from a successful intrusion,” Jasson Casey, the chief technology officer at Beyond Identity, told HackRead.

Read more here...

Tyler Durden Thu, 01/26/2023 - 03:30

Subscribe

- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories

LEAVE A REPLY

Please enter your comment!
Please enter your name here