The online payment service was the victim of unauthorized access to its customers’ accounts and warned the users affected to invite them to be extra vigilant.
The theft of personal data seems to have been increasing for several months, and after the LastPass password manager last August, or more recently the online bank Revolut, it is PayPal’s turn to confirm an intrusion into the accounts of certain of its users.
Hackers targeted users using the same passwords for each of their online accounts
The payment service explains today that the access to the accounts would have taken place between December 6 and 8, 2022. The thugs would have simply tested different associations between usernames and passwords, recovered from a previous data leak. .
The idea here is to target users who use the same email addresses and passwords to log in to all of their online customer accounts.
The company also indicates that during its investigation, it did not detect any violation of its security systems. The hackers simply found the right accesses in their lists of stolen credentials and then gained access to the accounts.
Activate double authentication to avoid fraudulent connections
According to the report published by PayPal, 34,942 users had their accounts visited by a hacker who was able to gain access to full names, dates of birth, postal addresses, social security numbers and tax identification numbers. Worse still, the hackers were able to view transaction histories, added bank cards and billing data.
PayPal says it took quick action to prevent impersonators from resetting account passwords in order to gain ownership. The company also indicates that it has not observed any traces of fraudulent transactions during this period.
Customers affected by these intrusions have nevertheless been contacted by PayPal to warn them of the situation. Their passwords have been reset to default and they will be prompted to create a new one.
We advise you, on our side, to choose a different password for each platform to which you connect, and in particular for those containing a large number of your personal or banking data. Also, don’t forget to activate double authentication when it is available, which will save you from this type of mishap.
Source : Bleeping Computer
10