PayPal says crooks poked around 35,000 accounts in credential stuffing attack

The personal information of 35,000 PayPal users was exposed in December, according to a notification letter sent to the online payment company’s customers this week.

PayPal attributed this privacy breach to “unauthorized parties,” who accessed accounts using customer login credentials. That is to say, whoever got into the accounts had found out or guessed their victims’ usernames and passwords, possibly by taking the creds from another site where people have reused the same login details.

Read more…
Source: The Register