Read Time:1 Minute, 42 Second

Online payment platform giant PayPal confirmed that it was hit by a credit stuffing attack last December 6. The attack affected 34,942 customers.

PayPal was a victim of a credit stuffing attack on December 6. Nevertheless, the company was only aware of it 14 days after. According to recent reports, PayPal is currently unable to pinpoint what data was compromised but notes that data such as names, addresses, social security numbers, tax IDs and birth dates could be part of the breached information.

PayPal released a letter to its users mentioning that “we have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorised transactions on your account. There is also no evidence that your login credentials were obtained from any PayPal systems.”

David Hollingworth, CyberSecurity Connect writer, explains that credit stuffing “works with account details acquired or stolen from elsewhere, and applies them in a brute-force attack on other networks. Once the attack succeeds, however, it is possible that operators can now use name and password combinations they know to be good to access other services that also use the same details.”

PayPal’s report discussed that the attack lasted two days, and the company immediately launched its defences to thwart the attackers’ efforts. PayPal immediately reset the affected users’ passwords. Experts noted that the threat actors could not perform any transactions from the affected accounts upon investigation.

Additionally, the company advised that affected users would receive a two-year free-of-charge identity monitoring from Equifax. PayPal recommends that all users immediately change their passwords, not only for their PayPal accounts but also for their other online accounts. Moreover, the company recommends activating two-factor authentication for added security.

Cybersecurity experts scrutinised the successful attack. According to Baber Amin, COO of Veridium, “As trusted vendors, PayPal and others need to set a higher bar here.” Amin suggested that companies such as PayPal must do more to ensure the data security they are handling.

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
Previous post Australian ‘Hi Mum’ Scammer Caught
Next post Successful Data Privacy Needs Strong Cybersecurity