This means that anyone using the same password across multiple accounts has a higher chance of being caught in this attack.
The cybercriminals used a credential-stuffing attack to gain access to these accounts.Ī credential-stuffing attack automatically forces its way into an account by using re-used credentials from other services. The attack was launched between December 6 - 8, 2022.
According to the report released by PayPal, hackers managed to gain unauthorized access to at least 34,942 accounts.