bleepingcomputer[.]com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack/
PayPal explains that the credential stuffing attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time but also started an internal investigation to find out how the hackers obtained access to the accounts.
According to the data breach reporting from PayPal, 34,942 of its users have been impacted by the incident. During the two days, hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers.Transaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.