Security of personal data is what all IT firms should always think of. This is where IT loses. The “good news” is that you can’t name a startup or an IT product that doesn’t have issues in this field. Even Facebook, Twitter, WhatsApp, and other bigwigs face such problems. It’s the turn of PayPal. The latter has been sending a message to users about a data leak. Due to a hacker attack, 35,000 PayPal users’ data fell into the hands of bad actors.
PayPal Users Have Become The New Target Of Bad Actors
PayPal says that the attack took place between December 6 and 8, 2022. Then, it took measures and began reviewing the ways how the hackers gained access to the accounts. It ended a few days ago. On December 20, the platform’s security service said that third parties accessed the accounts of PayPal users. But this was not due to a PayPal vulnerability.
Gizchina News of the week
Hackers used the “credential stuffing” method. In it, the software goes through combinations of credentials obtained by hackers during previous leaks. That is, the logins and passwords of PayPal users could be “merged” from other sites earlier. They could access user data from those accounts that didn’t use two-factor authentication.
PayPal has reset the passwords of vulnerable PayPal accounts. it also began requiring users to set new passwords the next time they log into their accounts.
Leaking user data is a common goal of hacking attacks. At the end of December, we learned that fraudsters were selling the personal data of 400 million Twitter user accounts. WhatsApp messenger faced such a problem — about 487 million user numbers were put up for sale on the Dark Web. At the end of November, the data set contained numbers of WhatsApp users from 84 countries around the world — almost a quarter of all users of the app.