Recently, the financial technology company PayPal revealed that over 30,000 accounts were breached. The customer accounts got accessed by bad actors at the end of 2022 during a security incident. Some of the information that the bad actors managed to access included transaction history and personal information. They also accessed credit card details and other sensitive information. According to the company, the bad actors accessed the customer accounts using the login credentials they had acquired.
PayPal hack
According to PayPal, the unauthorized parties accessed the customer accounts at the beginning of December 2022. During this time, these parties viewed and perhaps acquired the personal information of the affected users. As soon as the company learned of the PayPal hack, it started investigating and taking action. That included steps that would prevent the bad actors and others in the future from accessing and getting other personal information. By the end of the month, the investigation concluded. From this, the company learned that bad actors used valid credentials to access customer accounts on the platform. Then, PayPal reset the passwords of all affected accounts in an effort to protect customer data. The company also started implementing other measures that would force the users to create a new password when they logged in next. Some of the other sensitive information the bad actors could access included the last four digits of all connected cards and their expiry dates. They could also see invoicing information of the users, tax identification numbers, and social security numbers.
Method
According to the data breach notification that the company had to submit to the Attorney General in Maine, the way that the bad actors accessed accounts was through “credential stuffing”. That’s done when hackers use login credentials that got stolen in the past. Then they use those credentials to try logging in on platforms. This is a common strategy in cybercrime because login credentials often get lost or stolen often across the internet. It happens when users end up using the same passwords over a long period of time on many platforms.
How can you protect your information when using wireless technology?
For users wondering how can someone hack your PayPal, there are steps that concerned users can take. Secure login information is critical in preventing these types of cyber attacks. Users have to start using different login credentials for every platform they use to ensure they stay safe. As for companies, they have to install secure connections for their users. Encryption is an essential element, as is software that is up to date, and general safety when browsing the web. But securing sensitive customer data is becoming more complex for companies by the day. That’s why companies have to invest in data classification and encryption. They also have to conduct data protection assessments and get their customers to use multi-factor authentication.
Communicating a braech
Although breaches are inevitable, companies also have to be mindful when notifying their users that a breach has occurred. As PayPal did, they have to explain the extent of the breach. They’ll also have to describe the steps they’re taking to prevent similar situations in the future. And of course, apologize to the affected users.