Skip to main content

If you use PayPal, your personal data may have been compromised

PayPal has recently suffered a massive data breach, and if you were one of the affected users, your details may have been leaked. Given the nature of a PayPal account, the exposed data includes some of the most sensitive information, which could put those users at risk of identity theft.

The company is taking steps to protect the accounts from further damage. Here’s what we know about what happened and how to protect yourself.

A person holds a mobile phone with the PayPal app open.

According to PayPal, an unauthorized third party was able to access close to 35,000 PayPal accounts. This took place in December 2022, and PayPal names December 6 to 8 as well as December 20 as the dates when this breach was taking place. During those time windows, the attacker was able to view, and possibly acquire, most of the sensitive data tied to a PayPal account.

PayPal issued a warning to the users whose data may have been compromised. In the report, PayPal states: “The personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth.”

It’s possible that invoicing data and credit card or debit card details may have been accessed. It’s unclear what will happen to the stolen data, but it’s safe to assume that some form of identity theft or phishing is in the cards.

Daily reminder to not re-use your passwords

The company didn’t divulge how exactly the attackers were able to access the accounts, although it claims it hasn’t found evidence of hackers stealing the user data directly from PayPal’s systems. On the other hand, Bleeping Computer reports that the attackers were able to hack into the accounts through credential stuffing. This means that they may have tried to use login credentials stolen elsewhere — in massive quantities — until some of them worked.

As a response to the attack, PayPal reset the passwords on all of the accounts that were affected. If your account was one of them, you’ll be asked to set up a new password the next time you try to log in. PayPal is also giving each of those users a two-year subscription to Equifax, an identity monitoring service.

In order to protect yourself from similar attacks, make sure to not use the same login credentials (password and username or email) across multiple websites and apps. In addition, it’s always a good idea to set up two-factor authentication on services like PayPal in order to be extra sure that your data is safe from attacks.

Editors' Recommendations

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Personal data of 69 million Neopets users is now up for sale after a data breach
Person typing on a computer keyboard.

Neopets, an aged website that lets users keep virtual pets and take care of them, just suffered a major data breach. Aside from the personal data of over 69 million users, the hacker was able to obtain the website's source code.

This isn't the first time Neopets has faced a massive leak, but this time around, user data is currently being sold for crypto -- and the leak includes more than just usernames and passwords.

Read more
Websites may be logging your email and password without you knowing
A digital encrypted lock with data multilayers.

An extensive study reveals that up to 3% of websites may collect your form inputs even before you ever press "Submit." That's right -- even if you type something and then delete it, these websites will still record your keystrokes and remember the things you chose not to input.

The data, collected without your knowledge and consent, can contain some of the most personal information, that can later be used for various purposes, such as targeted ads.

Read more
Don’t use a free VPN — you’ll be putting your data at risk
A close-up of a computer monitor displaying a generic VPN.

With money tight, it's super tempting to go with a free VPN, right? You really shouldn't. At least not for long-term use. Sure, some of the best free VPNs could be worth checking out if you're desperate but for the most part, you really need to sign up to the best VPN that costs money. Once you've delved into knowing exactly what a VPN is, it should make a lot of sense why going a paid route is a better option. If you're still not sure, read on while we break it down for you.
A free VPN is rarely truly free
Okay, we're not saying that signing up for a free VPN will cost you money but have you ever thought about how such a service can be free? Simply put, there's always a catch.

Many free VPNs make money from two potential sources and neither is good for you. Some earn money by inundating you with advertisements, meaning you'll see more ads while you browse online. That soon gets incredibly irritating and against the spirit of using a VPN in many cases.

Read more