If you have a Paypal user account, and you are part of the nearly 35,000 users affected by a data breach that occurred at the beginning of last December, the popular electronic payment platform will have already sent you a notification alerting you to this security incident. , making you reset your password at the next login, and compensating you by offering two years of Equifax identity monitoring service at no cost.
And it is that, as explained by the platform in its recent data breach report, published today, between the 6th and 8th of last December, it detected that the hackers were running credential stuffing attacks, a total of 34,942 of its users having been affected between those two days.
Credential stuffing attacks were used to compromise accounts
As a result, they took measures to mitigate it at that time by limiting access to hackers, and subsequently initiating an investigation to clarify how they managed to successfully access the accounts of those users.
Credential stuffing attacks are executed by bots and consist of testing pairs of usernames and passwords obtained from previous leaks of personal data on other websitestaking advantage of the fact that there are users who use the same usernames and passwords in different applications and websitesb.
Therefore, it is not a problem that it is due to an existing security breach in the platform, but rather a common practice in many Internet users.
In this sense, the hackers were able to access personal data such as full names, dates of birth, postal addresses, among others, as well as the transaction history and even data from the linked bank cards.
The platform has no record at the moment of having attempted or succeeded in carrying out any transaction from the affected accounts.
To avoid future problems, among other aspects, the platform recommends using passwords with a high level of strength, that is, having at least 12 characters, combining characters and alphanumeric symbols.
In addition, it also recommends enabling two-factor authentication (2FA) as a measure that makes it more difficult for attackers to successfully break into compromised accounts. This reduces the chances of being successfully attacked in the future.
More information: Paypal
