PayPal

PayPal, a popular online payment platform, notified users of breached accounts as a result of credential stuffing attacks between December 6 and 8. Unauthorized parties compromised almost 35,000 accounts with access to full names, dates of birth, postal addresses, Social Security numbers, individual tax identification numbers, transaction histories, connected credit or debit card details, and PayPal invoicing data. PayPal stopped the intrusion and reset passwords for compromised accounts. PayPal stated that no personal information was misused or unauthorized transactions attempted, and it offered two years of free credit monitoring. Users are highly advised to update passwords for any online accounts where the compromised password was reused to protect against account compromise, refrain from password reuse, and enable multi-factor authentication (MFA). Affected users who suspect their PII has been compromised should review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources.