PayPal is notifying approximately 35,000 users that their accounts have been targeted in a campaign involving credential stuffing. In a letter to those affected, the company stated, “On December 20, 2022, PayPal confirmed that unauthorized parties were able to access the PayPal customer account using user login credentials.”
The company claims that between December 6 and December 8, 2022, a third party used credentials obtained from another source to access user accounts. On December 8, the unauthorized access was stopped. The company claims there is no proof that its systems were compromised and that the attackers most likely acquired the login credentials through phishing or other illegal means.
The company claims that the attackers were able to gain access to the victim accounts and possibly steal personal data.
Read More: PayPal Warns 35,000 Users of Credential Stuffing Attacks
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.