Hackers steal the PayPal accounts of thousands of users: do this now

PayPal is a widely used service for paying online and receiving money. Cybercriminals have tried many times to launch attacks to steal accounts, and in this article we report on a new one. They have been able to access several tens of thousands of accounts, so many users around the world have been affected. We are going to explain what this threat consists of and what you can do to protect your account.

Thousands of PayPal accounts stolen


Specifically, it is estimated that some 35,000 accounts have been affected. Hackers have used the method known as credential stuffing. It basically means that attackers try to break into an account by trying previously leaked usernames and passwords. For example, if you are registered on an Internet forum and that website has been attacked or has had a problem, your credentials could have ended up in the wrong hands. Those same attackers are going to try their luck and see if the same credentials also work on PayPal.

To test thousands and thousands of accounts, they use bots. Those bots run through lists of leaked credentials and check whether each one can log in to a PayPal account. If there is a match, meaning that the person is using the same password that was previously stolen, the attackers will be able to break into the account.
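On the defending side, this bot behaviour leaves a recognisable trace in login logs: one source trying many different usernames, one or two attempts each, mostly failing. The following is an added example, not PayPal's detection logic or code from the original article; the log format, thresholds, addresses and usernames are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample login log: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2023-01-10T10:00:01 203.0.113.7 carol FAIL
2023-01-10T10:00:02 203.0.113.7 dave FAIL
2023-01-10T10:00:03 203.0.113.7 erin FAIL
2023-01-10T10:00:04 203.0.113.7 frank OK
2023-01-10T10:00:05 203.0.113.7 grace FAIL
2023-01-10T10:00:06 203.0.113.7 heidi FAIL
2023-01-10T10:01:00 198.51.100.4 alice FAIL
2023-01-10T10:01:01 198.51.100.4 alice FAIL
2023-01-10T10:01:02 198.51.100.4 alice FAIL
2023-01-10T10:02:00 192.0.2.10 bob FAIL
2023-01-10T10:02:20 192.0.2.10 bob OK
"""

def parse(log):
    # Yield (timestamp, ip, user, succeeded) for every log line.
    for line in log.strip().splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user, outcome == "OK"

def detect_stuffing(log, window=timedelta(minutes=5), min_users=5,
                    max_per_user=2, min_fail_ratio=0.7):
    """Map each suspicious source IP to the accounts it logged in to."""
    # Stuffing: many distinct usernames from one source in a short window,
    # few tries per username, mostly failures (unlike single-account guessing).
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            tries = Counter(user for _, _, user, _ in win)
            fails = sum(1 for *_, ok in win if not ok)
            if (len(tries) >= min_users and max(tries.values()) <= max_per_user
                    and fails / len(win) >= min_fail_ratio):
                flagged[ip] = sorted({u for _, _, u, ok in events if ok})
                break
    return flagged
```

The accounts listed for a flagged source are the ones where a reused password worked, so they are the candidates for a forced password reset.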

As indicated by PayPal, these attacks took place last December. The company detected and mitigated them, but it is still investigating to find out exactly how the attackers were able to obtain those credentials. Note that this is not a PayPal vulnerability.

The attackers have obtained data such as full names, dates of birth, addresses, tax identification numbers, etc. The good news, according to reports, is that the attackers did not manage to carry out any financial transactions.


What to do to avoid problems

If you have PayPal and you are not sure whether someone has been able to enter your account, or you simply want to prevent it, the best thing to do is change your password. But you must use a unique password, one that you are not using anywhere else. Password reuse is precisely what has allowed attackers to get in: if you use the same password for several services, they can steal your account.

Ideally, the password should have letters (both uppercase and lowercase), numbers, and other special symbols. It is important that it has an adequate length and, of course, that you are not using it anywhere else. You can use KeePass or any other password manager to manage it correctly.

But if there is something essential today, it is to activate two-step authentication. What does this mean? It is an extra security barrier that you can apply to your account. Basically, it is a second step that must be completed beyond entering the username and password. For example, it is usually a code that is sent to you by SMS.

In short, as you can see, they have been able to steal thousands of PayPal accounts. If you use the same password that you use in other services or pages, it is essential that you take measures to protect yourself. Change your password, enable two-step authentication, and make sure your device is protected.