PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.

Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.

This type of attack relies on an automated approach with bots running lists of credentials to “stuff” into login portals for various services.

Credential stuffing targets users that employ the same password for multiple online accounts, which is known as “password recycling.”


credits @avoidthehack@mastodon.social