According to PayPal, cyber criminals used stolen credentials from other data breaches to gain access to the accounts of about 35 thousand users.
Also known as password reuse, this is an attack where cyber criminals try to gain access to an account by testing the matching of username and password from previous data breaches that ended up in the underground. PayPal clearly noted that there was no breach of its systems, but login credentials were obtained through credential stuffing. Cyber criminals gained access to the full name, date of birth, mailing address, social security number, and social security number of nearly 35,000 users.
How to protect yourself from credential stuffing
Best practices to protect against cyberattacks include using different passwords on all services. Credentials should be unique for each service so that, in the event of a data breach, matching logins and passwords will not lead to breaches on additional services.