• Thousands Of PayPal Accounts Hacked—Is Yours One Of Them?

    #2525339

    https://www.documentcloud.org/documents/23578067-paypal-notice

    NOTICE OF SECURITY INCIDENT

    Dear <First Name>,

    Protecting the security of our customers’ information is very important to us. We are writing to inform you about an incident that may have impacted your PayPal account. We want to make clear at the outset that keeping your personal data safe and secure is and will continue to be a priority moving forward.

    WHAT HAPPENED?

    On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials. We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account. There is also no evidence that your login credentials were obtained from any PayPal systems. Based on PayPal’s investigation to date, we believe that this unauthorized activity occurred between December 6, 2022, and December 8, 2022, when we eliminated access for unauthorized third parties. During this time, the unauthorized third parties were able to view, and potentially acquire, some personal information for certain PayPal users. We have not delayed this notification as a result of any law enforcement investigation.

    WHAT INFORMATION WAS INVOLVED?

    The personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth…

    4 users thanked author for this post.
    • #2525488

      Is that report even real or is it just a template that PP use when they identify unauthorised access?

      cheers, Paul

      1 user thanked author for this post.
      • #2525611

        Statement sounds like it was written by a lawyer trying to shield PayPal from liability, not by someone who was sincerely trying to repair the damage done.

        Group "L" (Linux Mint)
        with Windows 10 running in a remote session on my file server
    • #2525608

      We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account. There is also no evidence that your login credentials were obtained from any PayPal systems.

      “We have no information suggesting…” – in other words, they just don’t know for sure what is being done with your personal information.

      I shut down my PayPal account several months ago. I hope my information wasn’t still in their database when the hacking occurred.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
      1 user thanked author for this post.
    • #2525621

      Is that report even real

      This is not a report. This is a copy of email received by PayPal customers.

    • #2525657

      This is a copy of email received by PayPal customers.

      Is it? It looks to me more like a letter sent via physical mail.

      Has anyone here received this notice? My wife and I both have PayPal accounts, and she manages another account for a local charity she’s involved with. However, our three accounts have received no email nor physical mail from PayPal (other than the ubiquitous “sign up for a PayPal credit card” junk mail the post office always delivers). That leads me to only three conclusions:

      • the letter is fake;
      • the letter is real and our three copies are “in the mail” and haven’t been delivered yet;
      • the letter is real but none of our three accounts were part of the breach.

      So I’m not sure what to make of this report. It would help to know if others have received this notice from PayPal. If it’s real, how widespread is this?

       

      • #2526079

        I have a PayPal account but I did not receive that email nor a letter about that topic.

        • #2526094

          This only affected a tiny percentage of their users.

    • #2525739

      This is a copy of email received by PayPal customers

      No, it’s a template for a mail out, as can be seen from the screenshot.

      PP

      cheers, Paul

    • #2525760

      So I’m not sure what to make of this report. It would help to know if others have received this notice from PayPal. If it’s real, how widespread is this?

      I have a PayPal account. I’ve received no email nor physical notification of any such breach (although, I’m currently in the middle of a change of country, so it’s possible that there’s a letter waiting at my old address).

      Until I hear anything more concrete I’m filing this under “vaguely concerning, but nothing to panic about yet”

      (I’ll change my password though)

    • #2525846

      I don’t have PayPal and my worry bin is full.

      Is there any independent documentation that such a notice is genuine and has been mailed to PayPal customers?

      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
    • #2525925

      According to the Forbes article, “The official notification [has] been sent to all affected account holders”, and “The total number of accounts that were accessed […] is reported as being 34,942.”

      That puts a lot of perspective on the issue. With over 425 million active users, math tells me the breach affected only about 0.008% of users.

      That explains why any individual user is highly unlikely to get a notice. Nothing here worth getting worked up about.

       

      4 users thanked author for this post.
    • #2526056

      That explains why any individual user is highly unlikely to get a notice. Nothing here worth getting worked up about.

      I thank you for the perspective. It appears that the Gods of Panic and Fear (Phobos and Deimos?) have been appeased and put down. .008%. Hmm.

      This is one of the happier times when the howling in the Security Media came to less than The Initial Awful Dread. I find that certain sources in The Security Media, besides being very useful, can sometimes go off the deep end in initial reportage. Not always, not even mostly. But sometimes. And that, sometimes, seems too often.

      IMHO.

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

    • #2526446

      the breach affected only about 0.008% of users

      Consistent with users reusing passwords that have been exposed in breaches.

      Get a password manager and use it.

      cheers, Paul

      1 user thanked author for this post.
    • #2527747

      This is one of the happier times when the howling in the Security Media came to less than The Initial Awful Dread.

      A single small breach is usually followed by a bigger breach.

      https://www.askwoody.com/forums/topic/t-mobile-has-been-hacked-again-impacting-37-million-accounts/

      https://www.askwoody.com/forums/topic/u-s-water-and-wastewater-systems-wws-sector-facilities-breached-multiple-time/
