Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
PayPal data breach overview:
- Who: PayPal revealed that it suffered a data breach as a result of a credential stuffing attack that exposed the personal information of nearly 35,000 of its users.
- Why: PayPal says the data breach was the result of a credential stuffing attack but that it found no evidence the threat actor obtained the stolen credentials from it directly.
- Where: PayPal is used by consumers nationwide.
PayPal has notified its users of a data breach the e-commerce company says it suffered as a result of a credential stuffing attack that it says exposed some personal data of nearly 35,000 users.
The data breach reportedly occurred between Dec. 6 and 8, 2022, according to PayPal, which said it was able to both detect and mitigate the breach at that time.
PayPal said that it also conducted an internal investigation — which concluded Dec. 20 — into determining how the bad actors were able to gain access to the compromised accounts.
The company ultimately found the unauthorized third parties were able to log into the affected PayPal accounts using valid credentials.
PayPal said it found no evidence the stolen user credentials were acquired from them directly and that the data breach was not due to any sort of breach on the company’s systems.
The data breach granted hackers access to impacted PayPal account holders full names, birthdates, Social Security numbers, postal addresses and individual tax identification numbers.
PayPal says it mitigated data breach by limiting access and resetting passwords of compromised accounts
Other information that may have been compromised during the PayPal data breach includes transaction histories and connected credit or debit card details, along with company invoicing data.
PayPal said it mitigated the data breach by limiting the bad actors’ access to the platform and by resetting the passwords for accounts that it confirmed had been compromised.
The company also reassured users it found no evidence the bad actors either attempted to or managed to perform an unauthorized transaction from an affected PayPal account.
“We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account,” PayPal said.
A class action lawsuit was filed against PayPal last year by a consumer arguing the company fails to reimburse its customers who suffer losses as a result of fraud on its Venmo mobile payment service.
Have you been impacted by a data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
1,203 thoughts onPayPal data breach affects thousands of users
Add me please
I believe that they may be the source of my personal information breech. How can I prove this?! Does Paypal have a list of the individuals involved?!?
Add me please.
I’ve had my PayPal locked and someone has taken mo ey from me also
I need to be added I have a lot of money owed to me they just keep dragging it out with very few refunds my PayPal was breached they took everything while I was in and out of hospital
Add me
I have had many issues with my PayPal account, also other accounts that I did not have that are in my name. Not to mention all of the spam emails I keep getting regarding PayPal saying I won something or problems with my account, I don’t open them, not knowing if it is a scam, but still worrysome. Please add me.
Add me
I have been
I’ve received an email on more than one occasion from PayPal stating that I had a breach of personal information. I tried to contact him to find out exactly what that meant and I didn’t get a response.
Please add me to the PayPal lawsuit
please add me
They have my personal info in there system,haven’t used in while but.my information is in your system nonetheless add me!!