Security News > 2023 > January > PayPal accounts breached in large-scale credential stuffing attack
PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.
Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.
Credential stuffing targets users that employ the same password for multiple online accounts, which is known as "Password recycling."
Transaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.
PayPal says it took timely action to limit the intruders' access to the platform and reset the passwords of accounts confirmed to have been breached.
The notification claims that the attackers have not attempted or did not manage to perform any transactions from the breached PayPal accounts.