Using the same passwords across multiple services The specialized site BleepingComputer reported that the breach is the result of credential stuffing, a type of attack in which hackers 'stuff' the login page with numerous keys taken elsewhere PayPal has more than 200 million users worldwide. How the cyberattack against PayPal was perpetrated That the login credentials were taken from the company's systems. Numbers, individual tax identification numbers, and/or dates of birth.įrom the virtual wallet they have not yet explained exactly how the attackers managed to access these accounts, other than stating that 'During this time, unauthorized third parties were able to view and potentiallyįor certain PayPal users,' the warning reads. The company confirmed that on December 20, 2022, an unauthorized third party accessed several PayPal accounts.Īccording to the first investigations, they discovered that the person responsible for the attack managed to enter between December 6 and 8, 2022. Issued a warning to a group of its customers about the status of their accounts, in particular regarding a security breach.Īs they recognized from the American virtual wallet,Īnd some confidential data was compromised.