Skip to main content
  1. Home
  2. Computing
  3. News

If you use PayPal, your personal data may have been compromised

By

PayPal has recently suffered a massive data breach, and if you were one of the affected users, your details may have been leaked. Given the nature of a PayPal account, the exposed data includes some of the most sensitive information, which could put those users at risk of identity theft.

The company is taking steps to protect the accounts from further damage. Here’s what we know about what happened and how to protect yourself.

A person holds a mobile phone with the PayPal app open.
PayPal

According to PayPal, an unauthorized third party was able to access close to 35,000 PayPal accounts. This took place in December 2022, and PayPal names December 6 to 8 as well as December 20 as the dates when this breach was taking place. During those time windows, the attacker was able to view, and possibly acquire, most of the sensitive data tied to a PayPal account.

Recommended Videos

PayPal issued a warning to the users whose data may have been compromised. In the report, PayPal states: “The personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth.”

Related

It’s possible that invoicing data and credit card or debit card details may have been accessed. It’s unclear what will happen to the stolen data, but it’s safe to assume that some form of identity theft or phishing is in the cards.

Daily reminder to not re-use your passwords

The company didn’t divulge how exactly the attackers were able to access the accounts, although it claims it hasn’t found evidence of hackers stealing the user data directly from PayPal’s systems. On the other hand, Bleeping Computer reports that the attackers were able to hack into the accounts through credential stuffing. This means that they may have tried to use login credentials stolen elsewhere — in massive quantities — until some of them worked.

As a response to the attack, PayPal reset the passwords on all of the accounts that were affected. If your account was one of them, you’ll be asked to set up a new password the next time you try to log in. PayPal is also giving each of those users a two-year subscription to Equifax, an identity monitoring service.

In order to protect yourself from similar attacks, make sure to not use the same login credentials (password and username or email) across multiple websites and apps. In addition, it’s always a good idea to set up two-factor authentication on services like PayPal in order to be extra sure that your data is safe from attacks.

Editors’ Recommendations

Topics
Monica J. White
Monica J. White
Computing Writer
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
Nearly 32 million personal files with sensitive data have been exposed
A large monitor displaying a security hacking breach warning.

Your full name, address, and partial credit card numbers may have been exposed in a data breach involving field service management business ServiceBridge. Security researcher Jeremiah Fowler's report uncovers that nearly 32 million non-password-protected files, such as contracts, invoices, agreements, and more, were exposed.

The information was publicly accessible, with no security authorization needed, for an undisclosed amount of time, and there is no official confirmation of who may have accessed it. The files date back to 2012 and are linked to companies from Canada, numerous European countries, the U.S., and the U.K.

Read more
You may be a victim in one of the worst data breaches in history
A person using a laptop with a set of code seen on the display.

Background check company National Public Data -- also known as Jerico Pictures -- suffered what is reportedly one of the most significant data breaches in history, affecting 2.9 billion personal records that leaked sensitive data such as Social Security numbers and more, as mentioned in a class-action lawsuit document and sourced by Bloomberg Law. What's even worse is that it's not known how the breach happened in the first place -- or who has been included in it.

Before getting into it, it's worth noting that National Public Data has not confirmed the breach yet, so there's a lot of information that's only coming from the lawsuit or the hacking group. That means some of the figures will need to be taken with a grain of salt. Still, it doesn't sound good.

Read more
Hacker claims to have hit Apple days after hacking AMD
The Apple logo is displayed at the Apple Store June 17, 2015 on Fifth Avenue in New York City

Data breaches happen all the time, but when the giants get hit, it's impossible not to wonder what kind of critical data may become exposed. Earlier this week, notorious cybercriminal Intelbroker reported that they managed to hack AMD. Now, they followed up with claims about hacking Apple, and went as far as to share some internal source code on a hacking forum.

As Apple has yet to comment, all we have to go off is the forum post, first shared by HackManac on X (formerly Twitter). In the post, Intelbroker states that Apple suffered a data breach that led to the exposure of the source code for some of its internal tools. The tools include AppleConnect-SSO, Apple-HWE-Confluence-Advanced. There's been no mention of any customer data being leaked, which is good news, but there could still be some impact on Apple if this proves to be true.

Read more