PayPal has issued a statement in which the company informed users that they have fallen victim to a security breach.
The official notice has been published online and states that between December 6 and 8 of last year criminals managed to hack the accounts of ‘certain PayPal users’ and ‘potentially acquire names, addresses, social security numbers, individual tax identification numbers, and/or dates of birth’.
Upon further investigation, a brief consultation with the Attorney General Office of the US state Maine reveals that the number of those accounts affected by the breach are close to 35,000.
The nature of the breach is described as ‘credential stuffing’ which is where attempts are made to gain unauthorised access to accounts by inputting various name and password combinations acquired from websites that illegally provide them.
PayPal’s notice of the security incident advises users to use different passwords and turn on two-factor account authentication in order to avoid future incidents.
Assessing the situation, the notice assured users that all necessary steps have been taken to stop the attacks from causing further damage and that there is “no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorised transactions on your account”.
As a means of compensation, PayPal has offered affected users a two-year free service subscription to the consumer credit reporting agency Equifax which includes up to $1,000,000 of identity theft insurance coverage and more.