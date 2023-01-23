Mexico City.- Cybersecurity will be one of the most relevant topics in technology this 2023, since online threats leave no one in the sun or in the shade, not even big techs like PayPal, which has already suffered a disaster.

On January 18, the online payment company announced that the data of multiple users was violated, although it did not reveal the exact number of people affected.

News outlets such as BleepingComputer reported that a PayPal data breach report reported that more than 35,000 people were affected.

“On December 20, 2022, we confirmed that unauthorized persons were able to access your PayPal customer account using your login credentials,” PayPal said in a statement.

“We have no information to suggest that your personal information was misused as a result of this incident, or that there were any unauthorized transactions on your account. There is also no evidence that your login credentials were obtained from any security system. PayPal,” he added.

According to the company, the events occurred from December 6 to 8, dates on which the attackers had access to data such as name, address, social security number, tax identification number or date of birth.

PayPal assured that there is no evidence that the credentials were obtained from the systems, which suggests that they were obtained from past security breaches and gained access through some type of brute force attack.

The expert cybersecurity company Eset reported that this form of cybercrime is known as ‘credential stuffing’, which occurs when cybercriminals automatically try email addresses and passwords that were leaked in past breaches until they find an account. keep using those same keys.

The company assured that having a long password will not be enough and that keeping two-step authentication active is effective in preventing this type of attack.

“The risk that they have had access to this information is related to the possibility of being the target of phishing attacks or identity theft. The attackers can commercialize this data or they can even use it themselves to carry out fraud,” said Camilo Gutiérrez Amaya. , head of the Ese Research Laboratory in Latin America.

To alleviate the damage, PayPal reset the passwords of the accounts affected in the incident, a measure with which the victims were forced to establish a new password for their account on the platform.