search

vz-risk / VCDB

VERIS Community Database
Other
574 stars 179 forks source link

PayPal accounts breached in large-scale credential stuffing attack #19376

Open swidup opened 1 year ago

swidup commented 1 year ago

https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/

swidup commented 1 year ago

https://www.legalscoops.com/paypal-data-breach-exposes-personal-information-of-35000-users/

etgifford commented 10 months ago

https://www.documentcloud.org/documents/23578067-paypal-notice?responsive=1&title=1 Paypal notification letter. https://www.documentcloud.org/documents/23578067-paypal-notice?responsive=1&title=1; https://www.jdsupra.com/legalnews/paypal-inc-announces-data-breach-9072961/

etgifford commented 10 months ago

PayPal, HQ: San Jose, CA, EMP: 29900, NIACS: 52522 (credit cards and transaction processing, and finance) learned on Dec 20, 2022 that unauthorized parties were able to access 34,942 customer accounts through credential stuffing attacks. The attacks occurred between December 6 and December 8, 2022. The company started mitigating the attacks as soon as they learned of them on Dec 20, 2022. Data accessed on the customer account: full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers. Notification of customers impacted started Jan 18, 2023. Impacted users will receive a free identity monitoring service from Equifax for two years.