Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
PayPal data breach overview:
- Who: PayPal revealed that it suffered a data breach as a result of a credential stuffing attack that exposed the personal information of nearly 35,000 of its users.
- Why: PayPal says the data breach was the result of a credential stuffing attack but that it found no evidence the threat actor obtained the stolen credentials from it directly.
- Where: PayPal is used by consumers nationwide.
PayPal has notified its users of a data breach the e-commerce company says it suffered as a result of a credential stuffing attack that it says exposed some personal data of nearly 35,000 users.
The data breach reportedly occurred between Dec. 6 and 8, 2022, according to PayPal, which said it was able to both detect and mitigate the breach at that time.
PayPal said that it also conducted an internal investigation — which concluded Dec. 20 — into determining how the bad actors were able to gain access to the compromised accounts.
The company ultimately found the unauthorized third parties were able to log into the affected PayPal accounts using valid credentials.
PayPal said it found no evidence the stolen user credentials were acquired from them directly and that the data breach was not due to any sort of breach on the company’s systems.
The data breach granted hackers access to impacted PayPal account holders full names, birthdates, Social Security numbers, postal addresses and individual tax identification numbers.
PayPal says it mitigated data breach by limiting access and resetting passwords of compromised accounts
Other information that may have been compromised during the PayPal data breach includes transaction histories and connected credit or debit card details, along with company invoicing data.
PayPal said it mitigated the data breach by limiting the bad actors’ access to the platform and by resetting the passwords for accounts that it confirmed had been compromised.
The company also reassured users it found no evidence the bad actors either attempted to or managed to perform an unauthorized transaction from an affected PayPal account.
“We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account,” PayPal said.
A class action lawsuit was filed against PayPal last year by a consumer arguing the company fails to reimburse its customers who suffer losses as a result of fraud on its Venmo mobile payment service.
Have you been impacted by a data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
1,203 thoughts onPayPal data breach affects thousands of users
Please add me. I have ignored pay pal trying to reach me when I hadn’t used it in awhile
add me I have had someone trying to connect charges to my account.
Add me please
Please add me
Add me please. I’ve had several attempts of people trying to get money from my account and I have no idea who they are.
I have a pay pal card. I haven’t given out any of my personal information. A attorney may contact me. Add my name to the investigation
Please include me I’ve had PayPal for years
I have had paypal for a while. I would like to be apart of this
For over a year I have been getting invoices from Paypal about things I haven’t bought
Add Me I have PayPal