Digital wallet PayPal alerts customers about a security incident

Digital Wallet Payment Platform PayPal Customer Alert Cybersecurity Credential Stuffing Online Banking

A recent credential-stuffing campaign was launched against PayPal, as confirmed by the digital wallet and payment platform in a security incident notice sent to all affected customers.

The notice explained that the attack transpired between December 6 and December 8 last year, which PayPal’s security team had immediately mitigated and investigated.

The digital wallet firm’s investigations ended on December 20, 2022, with the company concluding that an unauthorised third party had logged into customer accounts using valid credentials. However, PayPal clarified that an internal systems breach did not cause it and that there is no evidence that the leveraged user credentials in the credential-stuffing campaign were acquired from them.


Over 34,000 PayPal users were affected by the breach on the digital wallet firm.


It has also been revealed that the recent PayPal data breach impacted about 34,942 users in the span of two days. Numerous sensitive user data were exposed to the threat actors, including full names, dates of birth, postal addresses, individual tax identification numbers, Social Security numbers, transaction histories, banking card details, and invoicing data.

All the breached accounts have their passwords reset by PayPal. The digital wallet firm also claimed that there were no identified attempts to perform malicious transactions on the affected user accounts and that users’ data were not misused.

As a part of their incident response measures, PayPal also implemented enhanced security controls that will ask users to create new and stronger passwords the next time they log in. All affected users are given a two-year identity monitoring service for free through Equifax.

Adding to the preventive measures advised by PayPal, users must change their passwords on all their online accounts to ensure that threat actors cannot utilise the stolen passwords to log in to them.

Activating multi-factor authentication is also strongly recommended as it could provide more robust protection against the threats of cyberattacks.

About the author

Leave a Reply