Almost 35,000 PayPal accounts breached using known credentials

Hacker hacking on a laptop.
(Image credit: GETTY - boonchai wedmakawand)

Another friendly PSA to update those passwords, especially if you use the same ones across multiple accounts. Another breach has occurred, and it looks like attackers are using known login information used across multiple websites to get your data. This means an innocent little login on a long forgotten website might give bad actors access to more important things like your PayPal account.

According to Bleeping Computer, 34,942 PayPal users have been affected by this latest credential stuffing attack on its systems. Credential stuffing is an automated approach where as many known logins as possible are stuffed into a website, which is why password recycling is a problem. 

Many websites won't have the kind of security that, say, your bank or PayPal will employ to protect your personal details. It makes sense: most people don't store their valuables in a plastic safe, but you also wouldn't put the PIN to your real safe inside one. If you're using the same password, especially if combined with the same login across multiple sites, it just makes things that much easier for the bad guys.

PayPal has found this attack took place in early December 2022, and after investigating was able to confirm the likelihood of credential stuffing being used.

Peak Storage

SATA, NVMe M.2, and PCIe SSDs on blue background

(Image credit: Future)

Best SSD for gaming: the best solid state drives around
Best PCIe 4.0 SSD for gaming: the next gen has landed
The best NVMe SSD: this slivers of SSD goodness
Best external hard drives: expand your horizons
Best external SSDs: plug in upgrades for gaming laptops and consoles

For the two days the attack was running, hackers had access to all sorts of personal information, including full names, birth dates, address, social security numbers, and tax identification. They could also see PayPal transaction details that include credit card and bank information. 

But what's kind of weird is they didn't do anything with this information. At least, not yet. PayPal hasn't found evidence of the attackers trying to make transactions, or anything else from the sounds of things. It's uncertain if this was the efforts of someone simply seeing if they could, like the recent exposer of the TSA no-fly-list, or if we should expect more nefarious actions to follow. 

PayPal has changed passwords and notified impacted users, along with providing two years worth of pro bono Equifax identity monitoring to keep an eye on things. The company recommends everyone enable two-factor authentication to help protect against these attacks in future, and of course change and stop recycling your passwords. Especially in places you plan to keep important stuff like your identity. 

Hope Corrigan
Hardware Writer

Hope’s been writing about games for about a decade, starting out way back when on the Australian Nintendo fan site Vooks.net. Since then, she’s talked far too much about games and tech for publications such as Techlife, Byteside, IGN, and GameSpot. Of course there’s also here at PC Gamer, where she gets to indulge her inner hardware nerd with news and reviews. You can usually find Hope fawning over some art, tech, or likely a wonderful combination of them both and where relevant she’ll share them with you here. When she’s not writing about the amazing creations of others, she’s working on what she hopes will one day be her own. You can find her fictional chill out ambient far future sci-fi radio show/album/listening experience podcast right here. No, she’s not kidding. 

Read more
Kinzie, in an FBI jacket, uses a computer with the logo of the Third Street Saints on it
Have I Been Pwned adds over 284 million compromised passwords from latest breach
Path of Exile 2 early access class key art
Around 66 accounts in Path of Exile 2 were compromised, due to a one-two punch of an old unused Steam account and a backend bug
A Path of Exile 2 sorceress casting flaming skulls in a hellish landscape
'We are incredibly sorry': Path of Exile 2 devs apologise for data breach that saw 66 accounts snatched and personal info potentially stolen
Mister Fantastic giving a thumbs up
A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
The Buffalo RUF3-KEV USB drive on a red-orange gradient
This USB flash drive has a built-in anti-malware system, but I still wouldn't use one I found in a parking lot
A computer screen with program code warning of a detected malware script program. 3d illustration
Second Steam listing this year found hiding 'new and clever' malware. This time through a fake demo link on developer's website
Latest in Hardware
A Gigabyte RTX 5070 Ti Eagle OC Ice on a desk and installed in a gaming PC.
Gigabyte GeForce RTX 5070 Ti Eagle OC Ice SFF review
A late afternoon view shows two young women walking past a wall-sized anime mural along Chuo-dori (Central Avenue) in the Akihabara district (known as Electric Town for its maze of electronics stores, but currently considered an almost sacred destination by members of Japan's otaku culture, drawn to Akihabara's video game centers, maid cafes, anime shops, and manga comics), located in Chiyoda Ward in central Tokyo, Japan.
OpenAI's GPT-4o model gets image generation update for all of your anime-style selfie needs
A Nacon Rig Streamstar M2 microphone on white gravel, shot in 3/4 profile
Nacon Rig M2 Streamstar review
1X Technologies humanoid robot, the Neo Gamma, standing alongside Nvidia CEO Jensen Huang. Huang is wearing an ERL-made studded leather jacket.
Humanoid robot Neo Gamma gifts Nvidia CEO a studded leather jacket and may even be able to one day wash up a cup without dropping it
Razer Blade 16 (2025) gaming laptop
Nvidia RTX 5090 mobile tested: The needle hasn't moved on performance but this is the first time I'd consider ditching my desktop for a gaming laptop
A woman wearing a VR headset with dramatic, colourful lighting across the background
'World’s smallest LEDs' could lead to accurately lit screens with 127,000 pixels per inch and much more immersive VR
Latest in News
starcraft 2 face
StarCraft fans taunted by the announcement of a new StarCraft... board game
kingdom come: deliverance 2 henry looks confused
'Medieval Batman' completes Kingdom Come: Deliverance 2 pacifist playthrough with zero kills and 535 knockouts
SUQIAN, CHINA - OCTOBER 6, 2024 - Illustration Tencent's plan to buy Ubisoft, Suqian, Jiangsu province, China, October 6, 2024. (Photo credit should read CFOTO/Future Publishing via Getty Images)
Ubisoft and Tencent are forming a new company that will take control of its most successful franchises: Assassin's Creed, Far Cry, and Rainbow Six
A motley crew riding out in point-and-click adventure Rosewater
Promising '90s style point-and-clicker Rosewater rides out today, featuring trail-worn cowpoke authors and weird alt-universe science
A girl cheering in Everybody's Golf Hot Shots.
My favourite, most underrated anime golf game series is actually getting a PC entry for the first time in its nearly 30-year history
A shock trap transformed into a Lego brick in Monster Hunter Wilds.
A modder keeps turning Monster Hunter traps into Lego bricks so that the monsters will know true pain, and they've just done it again