PayPal data breach affects thousands of users

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

PayPal data breach overview: 

• Who: PayPal revealed that it suffered a data breach as a result of a credential stuffing attack that exposed the personal information of nearly 35,000 of its users. 
• Why: PayPal says the data breach was the result of a credential stuffing attack but that it found no evidence the threat actor obtained the stolen credentials from it directly.
• Where: PayPal is used by consumers nationwide.

PayPal has notified its users of a data breach the e-commerce company says it suffered as a result of a credential stuffing attack that it says exposed some personal data of nearly 35,000 users. 

The data breach reportedly occurred between Dec. 6 and 8, 2022, according to PayPal, which said it was able to both detect and mitigate the breach at that time. 

PayPal said that it also conducted an internal investigation — which concluded Dec. 20 — into determining how the bad actors were able to gain access to the compromised accounts. 

The company ultimately found the unauthorized third parties were able to log into the affected PayPal accounts using valid credentials. 

PayPal said it found no evidence the stolen user credentials were acquired from them directly and that the data breach was not due to any sort of breach on the company’s systems. 

The data breach granted hackers access to impacted PayPal account holders full names, birthdates, Social Security numbers, postal addresses and individual tax identification numbers. 

PayPal says it mitigated data breach by limiting access and resetting passwords of compromised accounts

Other information that may have been compromised during the PayPal data breach includes transaction histories and connected credit or debit card details, along with company invoicing data. 

PayPal said it mitigated the data breach by limiting the bad actors’ access to the platform and by resetting the passwords for accounts that it confirmed had been compromised. 

The company also reassured users it found no evidence the bad actors either attempted to or managed to perform an unauthorized transaction from an affected PayPal account. 

“We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account,” PayPal said. 

A class action lawsuit was filed against PayPal last year by a consumer arguing the company fails to reimburse its customers who suffer losses as a result of fraud on its Venmo mobile payment service. 

Have you been impacted by a data breach? Let us know in the comments.

Read About More Class Action Lawsuits & Class Action Settlements:

• T-Mobile data breach exposes data of 37M customers
• AMC class action claims streaming service shares viewer data with Facebook
• Class action lawsuit claims Twitter API defect allowed data breach
• Class action alleges Apple records users’ private data, activity