CYBER crooks managed to hack thousands of PayPal accounts late last year it has been revealed.
Almost 35,000 customers were reportedly affected due to a common password mistake.
1
Fortunately no sensitive financial information was stolen.
But hackers did manage to get hold of things like names, date of birth, address, social security numbers and transaction history.
It happened early in December and is not due to a fault on PayPal’s end.
The root cause is due to people reusing their passwords on multiple sites.
Experts have long warned against this, because if one site is compromised fraudsters can try to use your password on other websites.
According to Bleeping Computer, that’s what happened in this latest cyber scare, using a process known as credential stuffing.
Bots run your login details through various sites to see if it lets them in.
Had victims chosen a different password or had the extra protection of two factor authentication on, their account wouldn’t have been accessed.
Most read in Tech
PayPal has sent out breach notification emails to affected users telling them their password had been automatically reset and enhanced security controls activated.
“We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account,” the letter reads.
“There is also no evidence that your login credentials were obtained from any PayPal systems.”
A spokesperson told The Sun: “Earlier in December, our security team identified and resolved a data incident that affected a small number of PayPal customer accounts.
“PayPal’s payment systems were not impacted, and no financial information was accessed.
“We have contacted affected customers directly to provide guidance on this matter to help them further protect their information.
“The security and privacy of our customers’ account information remains a top priority for PayPal, and we sincerely apologize for any inconvenience this may have caused.”
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
