PayPal: Hacker access to almost 35.000 accounts

B2B Cyber ​​Security ShortNews

Share post

According to various media, hackers had access to almost 35.000 PayPal accounts. The provider was not hacked, but the accounts were compromised via credential stuffing. This means that users were too lazy to use different passwords, didn't replace their leaked passwords and didn't use 2-factor authentication. The passwords were then simply tried out successfully by the hackers at PayPal.

A successful hack and the stupidity of users are often confused. To access the PayPal accounts, the hackers filtered customer details and passwords from various other company hacks or password database providers and tried them on the PayPal accounts to log in. On the Internet and Darknet there are databases with millions of customer data, such as e-mails and passwords, free of charge or for little money. If customers have not additionally activated a 2-factor authentication, this so-called credential stuffing works.

PayPal warns customers by letter

After PayPal noticed the access, all affected customers were informed. They should check their account movements and also monitor them in the future. They should also change their passwords and use 2-factor authentication, for example via SMS. However, there must be voices on the net that PayPal does not prevent the mass logins and then, for example, blocks the IP addresses or gives them a forced break until the next login.

Any user can easily check whether their data has been leaked on the Internet. Various institutes have taken up the databases from the dark web and stored them in online check services. It is therefore advisable to check whether the e-mail address or telephone number is included. The web offer "';–have i been pwned?" has entered various databases into its systems. There you can check seriously and free of charge whether data has been compromised.

Editor/sel

More at PayPal.com

 

Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more