Skip to main content

If you use PayPal, your personal data may have been compromised

PayPal has recently suffered a massive data breach, and if you were one of the affected users, your details may have been leaked. Given the nature of a PayPal account, the exposed data includes some of the most sensitive information, which could put those users at risk of identity theft.

The company is taking steps to protect the accounts from further damage. Here’s what we know about what happened and how to protect yourself.

A person holds a mobile phone with the PayPal app open.

According to PayPal, an unauthorized third party was able to access close to 35,000 PayPal accounts. This took place in December 2022, and PayPal names December 6 to 8 as well as December 20 as the dates when this breach was taking place. During those time windows, the attacker was able to view, and possibly acquire, most of the sensitive data tied to a PayPal account.

PayPal issued a warning to the users whose data may have been compromised. In the report, PayPal states: “The personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth.”

It’s possible that invoicing data and credit card or debit card details may have been accessed. It’s unclear what will happen to the stolen data, but it’s safe to assume that some form of identity theft or phishing is in the cards.

Daily reminder to not re-use your passwords

The company didn’t divulge how exactly the attackers were able to access the accounts, although it claims it hasn’t found evidence of hackers stealing the user data directly from PayPal’s systems. On the other hand, Bleeping Computer reports that the attackers were able to hack into the accounts through credential stuffing. This means that they may have tried to use login credentials stolen elsewhere — in massive quantities — until some of them worked.

As a response to the attack, PayPal reset the passwords on all of the accounts that were affected. If your account was one of them, you’ll be asked to set up a new password the next time you try to log in. PayPal is also giving each of those users a two-year subscription to Equifax, an identity monitoring service.

In order to protect yourself from similar attacks, make sure to not use the same login credentials (password and username or email) across multiple websites and apps. In addition, it’s always a good idea to set up two-factor authentication on services like PayPal in order to be extra sure that your data is safe from attacks.

Editors' Recommendations

Monica J. White
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Your Siri conversations may have been recorded without your permission
iOS 16 and Mac Ventura on Apple devices.

Apple has patched a security flaw that left macOS and iOS devices vulnerable to having interactions with Siri spied upon and recorded when using accessories such as AirPods or Beats headsets via Bluetooth.

The flaw, which is now referred to as vulnerability CVE-2022-32946, was discovered by app developer Guilherme Rambo, according to Apple Insider.

Read more
Chrome extensions with 1.4M users may have stolen your data
Google Chrome icon in mac dock.

McAfee researchers have discovered various Google Chrome extensions that steal browsing activity, with the add-ons racking up more than a million downloads.

As reported by Bleeping Computer, threat analysts at the digital security company have come across a total of five such malicious extensions.

Read more
A data breach can cost millions of dollars — and you might be paying it
A dark mystery hand typing on a laptop computer at night.

According to a recent report from IBM Security, data breach costs are constantly on the rise. Unfortunately, this spells bad news not just for the companies involved, but also for the customers -- in more ways than one.

The report, which states that an average data breach is now estimated to cost $4.4 million, exposes the fact that the skyrocketing costs of data breaches directly affect the prices paid by the end customer.

Read more