Between December 6th and December 8th, 2022, PayPal reports that they experienced a large-scale credential stuffing attack targeting their users. The attackers successfully breached 34,942 accounts before this attack was detected and mitigated by PayPal – rotating the account credentials of affected users and notifying them via email of the breach. PayPal also offered affected users a free two-year identity monitoring service from Equifax. While the attackers had full access to the accounts during the two-day period, there were no attempts made at performing any actions on the accounts. PayPal indicated that their systems were not breached in any way and that the credentials were not obtained directly from them.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.