March 29, 2023

PayPal has disclosed a data breach that involved the theft of information from 35,000 customers in a credential-stuffing attack.

PayPal said in the fulling the breach occurred between Dec. 6 and Dec. 8 and was detected on Dec. 20. Details believed to have been accessed include names, addresses, Social Security numbers, tax identification numbers, and dates of birth.

PayPal reset the passwords of all affected accounts and implemented enhanced security controls. Affected users are also being offered two years of free identity monitoring services from Equifax.

Advertisements

Although many PayPal accounts were affected, the attack was not the result of PayPal’s lack of security. Instead, it’s the result of PayPal users reusing the same password on PayPal and other websites.

Modern MFA technologies cost almost nothing to implement and should be enabled by default by financial service providers as a foundational security. High-profile breaches must serve as a wake-up call for organizations large and small to implement a zero-trust architecture, enable MFA, and use strong and unique passwords.

Tags:

Leave a Reply

You may have missed

Apple Backports ZeroDay Patches for older devices

Apple Backports ZeroDay Patches for older devices

March 28, 2023
Apache Fineract Vulnerabilities

Apache Fineract Vulnerabilities

March 28, 2023
IceID Malware Shifting Focus to Ransomwares

IceID Malware Shifting Focus to Ransomwares

March 28, 2023
Sun Pharma suffers a Security Incident

Sun Pharma suffers a Security Incident

March 28, 2023
Twitter Source Code Leak on Git

Twitter Source Code Leak on Git

March 27, 2023
Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
%d bloggers like this: