Around 34,942 PayPal accounts personal data revealed by a credential stuffing attack

Recently PayPal confirmed about its user’s accounts had been attacked by unknown hackers between the 6th to 8th of December 2022. The attacker is said to have got unauthorized access to thousands of accounts counting around 34,942 by using a credential stuffing attack. It is still a very small number of customers and PayPal has around 432 million active users today.

Through this attack, the user’s personal information including names, addresses, social security numbers, tax identification numbers, and dates of birth was revealed according to the company.

Recently the credential stuffing attack has been increasing as many individuals reuse usernames and passwords across multiple accounts.

In an email, the PayPal spokesperson said that “No financial data was obtained and its payment system remained unharmed. While the impacted users have been informed individually, and we’ve given them advice on how to better safeguard their data.

The affected users are being said to reset their passwords and implemented enhanced security controls like two-factor authentication. They are also said to change it to unique and strong passwords even for their other services accounts using the same passwords. For doing so they are even advised to take help from a password manager, such as 1Password or Bitwarden.

He further said that “PayPal’s primary concern continues to be the security and privacy of our customer’s account information, and we deeply regret any difficulty this may have caused”


Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. Amazon and the Amazon logo are trademarks of, Inc. or its affiliates Read More


This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More