November 30, 2023

PayPal has disclosed a data breach that involved the theft of information from 35,000 customers in a credential-stuffing attack.

PayPal said in the fulling the breach occurred between Dec. 6 and Dec. 8 and was detected on Dec. 20. Details believed to have been accessed include names, addresses, Social Security numbers, tax identification numbers, and dates of birth.

PayPal reset the passwords of all affected accounts and implemented enhanced security controls. Affected users are also being offered two years of free identity monitoring services from Equifax.

Advertisements

Although many PayPal accounts were affected, the attack was not the result of PayPal’s lack of security. Instead, it’s the result of PayPal users reusing the same password on PayPal and other websites.

Modern MFA technologies cost almost nothing to implement and should be enabled by default by financial service providers as a foundational security. High-profile breaches must serve as a wake-up call for organizations large and small to implement a zero-trust architecture, enable MFA, and use strong and unique passwords.

Tags:

Leave a Reply

You may have missed

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023

AWS Detective adds new Capabilities

November 27, 2023
%d bloggers like this: