According to various media, hackers had access to almost 35.000 PayPal accounts. The provider was not hacked, but the accounts were compromised via credential stuffing. This means that users were too lazy to use different passwords, didn't replace their leaked passwords and didn't use 2-factor authentication. The passwords were then simply tried out successfully by the hackers at PayPal.
A successful hack and the stupidity of users are often confused. To access the PayPal accounts, the hackers filtered customer details and passwords from various other company hacks or password database providers and tried them on the PayPal accounts to log in. On the Internet and Darknet there are databases with millions of customer data, such as e-mails and passwords, free of charge or for little money. If customers have not additionally activated a 2-factor authentication, this so-called credential stuffing works.
PayPal warns customers by letter
After PayPal noticed the access, all affected customers were informed. They should check their account movements and also monitor them in the future. They should also change their passwords and use 2-factor authentication, for example via SMS. However, there must be voices on the net that PayPal does not prevent the mass logins and then, for example, blocks the IP addresses or gives them a forced break until the next login.
Any user can easily check whether their data has been leaked on the Internet. Various institutes have taken up the databases from the dark web and stored them in online check services. It is therefore advisable to check whether the e-mail address or telephone number is included. The web offer "';–have i been pwned?" has entered various databases into its systems. There you can check seriously and free of charge whether data has been compromised.
Subscribe to our newsletter nowRead the best news from B2B CYBER SECURITY once a month
Red./selMore at PayPal.com