PayPal Announces 35,000 User Accounts Were Breached In A Credential Stuffing Attack

The popular online payment processing service that made Elon Musk rich sent notifications to almost 35,000 users, informing them that their accounts had been breached in a credential stuffing attack.


What Happened

According to PayPal, between December 6th, 2022 and December 8th, 2022, malicious actors were able to access user accounts using a technique known as “credential stuffing”. This technique relies on the tendency for users to re-use passwords across multiple online services, sometimes securing monetary accounts with the same passwords used on social media sites that frequently get hacked.

According to PayPal, 34,942 users were impacted by this incident, and the hackers had access to account holders’ full names, dates of birth, postal addresses, social security numbers, individual tax identification numbers, transaction histories, connected credit or debit card details, and PayPal invoicing data.

PayPal says they took timely action to limit the intruders’ access to the platform and reset the passwords of accounts confirmed to have been breached. They also claim that the attackers either did not attempt or did not manage to perform any transactions from the breached PayPal accounts.

“We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account,” reads PayPal’s notification to impacted users.

“We reset the passwords of the affected PayPal accounts and implemented enhanced security controls that will require you to establish a new password the next time you log in to your account” – PayPal


What Should I Do?

PayPal strongly recommends that recipients of the notices change the passwords for other online accounts using a unique and long string of at least 12 characters. They also advise users to employ two-factor authentication (2FA) protection from the ‘Account Settings’ menu, which can prevent an unauthorized party from accessing an account, even if they have a valid username and password.

Impacted users will receive a free-of-charge two-year identity monitoring service from Equifax.

Rocky Mountain Cybersecurity can monitor the dark web and provide a monthly report on your passwords that are for sale. We have also been providing our clients with educational seminars teaching their users about this exact issue for years. Contact us to find out how we can provide an affordable answer to this problem.

Contact Rocky Mountain Cybersecurity today! 307-288-0222

Elmer Robinson is an IT warrior and cybersecurity subject matter expert who has fought on the front lines of the cybersecurity wars and provided business continuity as long as they have existed. A CISSP since 2008 and a certified network engineer since 1993, Elmer has proven success in delivering comprehensive cybersecurity strategies to every type of industry.