Massive Credential Stuffing Campaign Hits 35,000 PayPal Users


PayPal this week notified tens of thousands of US customers that their logins had been used successfully to access their accounts over a month ago.

The unauthorized access occurred between December 6 and December 8 last year, after which time the firm realized what was happening and “eliminated access” for the threat actors.

“During this time, the unauthorized third parties were able to view, and potentially acquire, some personal information for certain PayPal users,” the firm said in a breach notification letter posted to the Maine attorney general’s office.

Read more…