ESET, a threat detection company, analyzed the incident that exposed the information of almost 35 thousand PayPal users last Wednesday, January 18. In an official statement, the company mentions that between December 6 and 8, 2022, unauthorized third parties accessed customer accounts using the users' login credentials.
PayPal said there is no evidence that the credentials were stolen from its internal system, so the login information may have been obtained through past security breaches or some form of brute force cyber attack.
Despite the incident, the company says there is no evidence that user data has been misused. As detailed in the statement, during these two days the cybercriminals managed to access data such as name, address, tax identification number and date of birth. But it is important to clarify that accessing PayPal accounts also allows you to obtain the transaction history, plus some linked card data.
“The risk of them having access to this information is related to the possibility of being targeted by phishing attacks or identity theft. Attackers can trade this data or even use it to carry out fraud”, says Camilo Gutiérrez Amaya, head of the ESET Latin America Research Laboratory.
One of the first actions the app took was to reset the passwords of the affected accounts after the incident. This forced people to change their passwords as soon as they logged back in.
According to information published by BleepingComputer, the number of accounts affected by this unauthorized access is around 35 thousand. Furthermore, the website claims that it was an attack known as "password spraying", which is based on automated access attempts using email addresses and passwords that were leaked in previous breaches, in order to find an account that still uses those same credentials.
In addition to changing your password, ESET recommends enabling two-factor authentication so that the security of the account does not rest exclusively on the login.
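On the defending side, the automated login attempts described above leave a recognizable pattern: one source trying many different accounts in a short time, with most attempts failing. The following is an added example, not taken from ESET, PayPal or BleepingComputer; the log format, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2022-12-06T10:00:01 203.0.113.7 alice@example.com FAIL
2022-12-06T10:00:03 203.0.113.7 bob@example.com FAIL
2022-12-06T10:00:05 203.0.113.7 carol@example.com OK
2022-12-06T10:00:08 203.0.113.7 dan@example.com FAIL
2022-12-06T10:00:11 203.0.113.7 erin@example.com FAIL
2022-12-06T10:00:13 203.0.113.7 frank@example.com FAIL
2022-12-06T10:02:00 198.51.100.20 grace@example.com FAIL
2022-12-06T10:02:20 198.51.100.20 grace@example.com FAIL
2022-12-06T10:02:45 198.51.100.20 grace@example.com OK
2022-12-06T10:05:00 192.0.2.55 heidi@example.com OK
"""

def parse(log):
    """Yield (timestamp, ip, account, succeeded) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, account, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, account, outcome == "OK"

def flag_sources(log, window=timedelta(minutes=10), min_accounts=5,
                 min_fail_ratio=0.8):
    """Return {ip: (distinct_accounts, fail_ratio, accounts_logged_into)}
    for sources that try many distinct accounts inside one time window
    while mostly failing. Thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward so the span stays within `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            accounts = {e[2] for e in span}
            ratio = sum(not e[3] for e in span) / len(span)
            if len(accounts) >= min_accounts and ratio >= min_fail_ratio:
                # Accounts with a successful login are the ones to reset.
                hits = sorted({e[2] for e in span if e[3]})
                if ip not in flagged or len(accounts) > flagged[ip][0]:
                    flagged[ip] = (len(accounts), round(ratio, 2), hits)
    return flagged
```

A single user mistyping a password a few times from one address is not flagged, because the rule keys on the number of distinct accounts rather than on the number of failures.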
Disclaimer: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.