Internet

Care! They steal the PayPal account of thousands of users, do this now

Thousands of PayPal accounts stolen

Specifically, it is calculated that has affected about 35,000 accounts. Hackers have used the method known as Credential Stuffing. It basically means that attackers try to break into an account by trying previously leaked passwords and usernames. For example, if you are registered in an Internet forum and for some reason that website has been attacked or there has been a problem, your credentials could have ended up in the wrong hands. Those same attackers are going to try their luck and see if the data matches PayPal.

To test thousands and thousands of accounts, what they do is use bots. Those bots are going to execute leaked credential lists and see if the PayPal account can be logged in or not. If it matches that person is using the same password that was previously stolen, they will be able to break into the account.

As indicated by PayPal, these attacks have taken place during the past month of December. The company detected and mitigated this, but they are still investigating to find out exactly how they were able to obtain those access keys. Note that this is not a PayPal vulnerability.

The attackers have obtained data such as full names, dates of birth, addresses, tax identification numbers, etc. The positive, according to reports, is that the attackers did not manage to carry out any economic transaction.

Fake invoices by PayPal

What to do to avoid problems

If you have PayPal and you have doubts about whether they have been able to enter your account or you simply want to prevent, without a doubt, it is best that change the password. But you must use a unique password, that you are not using anywhere else. This is precisely what has allowed attackers to enter and if you use a key in several services, they can steal your account.

Ideally, the password should have letters (both uppercase and lowercase), numbers, and other special symbols. It is important that it has an adequate length and of course that you are not using it anywhere else. You can use KeePass or any other key manager to manage it correctly.

But if there is something fundamental today it is enable two-factor authentication. What does this mean? It is an extra security barrier that you will be able to apply to your account. Basically it is a second step that must be carried out beyond entering the username and password. For example, it is usually a code that comes to you by SMS.

In short, as you can see, they have been able to steal thousands of PayPal accounts. If you use the same password that you use in other services or pages, it is essential that you take measures to protect yourself. Change your password, enable two-step authentication, and make sure your device is protected.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *