PayPal has been impacted by a credential stuffing attack that resulted in the compromise of data from 35,000 customers, reports SiliconAngle.
Threat actors targeted PayPal with the attack from Dec. 6 to Dec. 8, and were able to access customers' names, birthdates, addresses, Social Security numbers, and tax identification numbers, prior to the detection of malicious activity on Dec. 20. All impacted accounts have already been reset by PayPal.
"Although many PayPal accounts were affected, the attack was not the result of PayPal's lack of security. Instead, it's the result of PayPal users reusing the same password on PayPal and other websites," said Comparitech's Paul Bischoff.
Such an attack should prompt organizations to adopt stronger verification systems, according to Keeper Security Chief Technology Officer Craig Lurey.
"High-profile breaches must serve as a wakeup call for organizations large and small to implement a zero-trust architecture, enable [multi-factor authentication] and use strong and unique passwords," Lurey added.