PayPal is notifying 1000 users of data breaches because their accounts were compromised as a result of credential stuffing assaults.
Threat actors gained access to user names, addresses, Social Security numbers, personal tax identification numbers, dates of birth, and, of course, transaction histories. The corporation is sending breach notification letters to the impacted clients.
When users log in to their accounts for the next time, PayPal will force them to create new passwords as it has reset the passwords of the affected accounts.
In addition to fraud warnings and up to $1 million in identity theft insurance coverage for a specific list of out-of-pocket expenses brought on by identity theft, the financial technology business is providing two years of Equifax identity monitoring services to the affected clients.
Source: https://securityaffairs.com/141072/data-breach/paypal-data-breach-credential-stuffing.html
"id": "PAY225181023",
"linkid": "paypal",
"type": "Data Leak",
"date": "01/2023",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"