PayPal, one of the world’s largest online payment platforms, has admitted that a data breach in December 2022 compromised the personal and financial information of nearly 35,000 users.
The company began notifying affected users on January 19th, 2023, with a letter explaining that their accounts had been hacked between December 6th and 8th, 2022. The letter stated that the hackers may have accessed names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, bank account numbers, and PayPal account balances.
According to PayPal’s letter, the company was able to detect and mitigate the attack as soon as it occurred. Still, the internal investigation was not finished until December 20th. The letter also claimed that the login credentials used by the hackers were not obtained from PayPal’s network but did not provide any further details on how they were acquired.
PayPal apologized for the incident and offered affected users free credit monitoring and identity theft protection services. The company also advised users to change their passwords and monitor their accounts for suspicious activity.