Skip to main content

If you use PayPal, your personal data may have been compromised

PayPal has recently suffered a massive data breach, and if you were one of the affected users, your details may have been leaked. Given the nature of a PayPal account, the exposed data includes some of the most sensitive information, which could put those users at risk of identity theft.

The company is taking steps to protect the accounts from further damage. Here’s what we know about what happened and how to protect yourself.

A person holds a mobile phone with the PayPal app open.
PayPal

According to PayPal, an unauthorized third party was able to access close to 35,000 PayPal accounts. This took place in December 2022, and PayPal names December 6 to 8 as well as December 20 as the dates when this breach was taking place. During those time windows, the attacker was able to view, and possibly acquire, most of the sensitive data tied to a PayPal account.

Recommended Videos

PayPal issued a warning to the users whose data may have been compromised. In the report, PayPal states: “The personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth.”

It’s possible that invoicing data and credit card or debit card details may have been accessed. It’s unclear what will happen to the stolen data, but it’s safe to assume that some form of identity theft or phishing is in the cards.

Daily reminder to not re-use your passwords

The company didn’t divulge how exactly the attackers were able to access the accounts, although it claims it hasn’t found evidence of hackers stealing the user data directly from PayPal’s systems. On the other hand, Bleeping Computer reports that the attackers were able to hack into the accounts through credential stuffing. This means that they may have tried to use login credentials stolen elsewhere — in massive quantities — until some of them worked.

As a response to the attack, PayPal reset the passwords on all of the accounts that were affected. If your account was one of them, you’ll be asked to set up a new password the next time you try to log in. PayPal is also giving each of those users a two-year subscription to Equifax, an identity monitoring service.

In order to protect yourself from similar attacks, make sure to not use the same login credentials (password and username or email) across multiple websites and apps. In addition, it’s always a good idea to set up two-factor authentication on services like PayPal in order to be extra sure that your data is safe from attacks.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
Use Comcast for internet? Your personal data may have been hacked
A building with the Xfinity logo on it.

Comcast, alongside several other big corporations, has recently suffered a devastating data breach. According to reports, it's possible that hackers got their hands on the data of up to 36 million Comcast Xfinity customers, meaning the company's cable television and internet department. Although the company is pretty tight-lipped about it, the data breach occurred over two months ago. Here's what we know and what you should do to protect yourself.

The hackers were able to access those masses of customer information through a vulnerability known as "CitrixBleed." It's found in Citrix networking devices that Comcast and other huge corporations use. The exploit was initially discovered in August and appears to have been used in cyberattacks on not just Comcast but also many other companies, including Boeing.

Read more
If you have a Gigabyte motherboard, your PC might stealthily download malware
A Gigabyte Aorus Extreme motherboard.

Yet another motherboard manufacturer seems to be in trouble -- or rather, the people who own those motherboards might be. According to security researchers, countless Gigabyte boards might be vulnerable to dangerous cyberattacks.

If you want to be extra safe, there are a couple of things you can do to protect your PC. Here's what we know.

Read more
Your Windows 11 screenshots may not be as private as you thought
Person sitting and using an HP computer with Windows 11.

When you capture a screenshot and crop out sensitive information, it's still possible to recover a portion of the image that was supposedly removed in some circumstances.

This isn't the first time redacted documents have turned out to have left hidden data intact and readable with the right tools and knowledge. A recent bug in Google's Markup tool for the Pixel phone, humorously dubbed the "Acropalypse," shows this issue might be surprisingly common.

Read more