About 35,000 PayPal users have been hacked, Bleeping Computer reported, noting that users have begun receiving notifications that their accounts have been compromised in a data spoofing attack.
This is a type of attack in which hackers try to gain access to a given account using real data stolen from another resource of the same person. Users using the same password on different platforms are the target of this attack.
According to PayPal, the attack took place between Dec. 6 and 8 in 2022. Upon discovering this, the company launched an internal investigation, which concluded on Dec. 20 and confirmed that unauthorized third parties had access to user accounts.
The attack affected 34,942 of the platform's customers. Over the course of two days, hackers gained access to account holders' full names, dates of birth, mailing addresses, Social Security numbers and individual taxpayer identification numbers, as well as transaction history, credit or debit card information linked to the account, and PayPal payment information.
PayPal said it had restricted the attackers' access to the platform and changed the passwords of affected users. The platform also claimed that the attackers did not attempt or make any transactions from the compromised accounts.
It a statement PayPal said "no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account."
The company announced that affected users will be given a free Equifax credit monitoring service for two years. PayPal also urged affected customers to change passwords for other accounts and enable two-factor authentication.