Why PayPal Users Need to Check Their Accounts (Right Now)

PayPal customers attacked and personal information compromised.

Scams never stop. Companies use a lot of ways to help protect against a breach in their network to keep customers' information safe.

But hackers have worked hard to find ways around these digital blockades. Theft is nothing new, but how crooks are doing it is continuously evolving.

Not too long ago ID theft was a major problem for banks and credit card companies. That is no longer the case and hasn’t been for quite some time. Now, every company is subject to possible data breach., and banks and credit cards are held to a higher security standard than other companies. 

The companies can only do so much to protect their customers data and its own. Most customers find login and password restrictions really annoying. Consumer protection experts advise people to not make their login username their email. That just further exposes them to possible hackers. You shouldn’t reuse passwords. So, when the company login portal says you can't reuse a password you have used previously, it's not to annoy you, but protect you. Although it can be really annoying, when it says you can’t use a password.

If you get the message, that’s because you are putting yourself at risk for hackers by reusing passwords in the company’s portal. That should also set off a red flag in your brain, saying hey maybe I shouldn’t use this login and password for my other accounts as well. Having a unique login and password may be inconvenient, but it's better than dealing with identity theft or other financial scams.

PayPal Not Hacked

While the headlines may make you think PayPal was breached, it is not the case. The company’s network was not hacked. What kind of scam happened is called credential stuffing. Hackers use numerous combinations of logins to find the ones that truly exist, and then they guess passwords. It's an onslaught type attack on the network, but it doesn’t actually breach the company’s protection. The scammers find the usernames and then can cross check those usernames across other, perhaps less secure, companies.

PayPal  (PYPL) - Get Free Report is going to have a robust protection for its data and customers, but a company that cleans houses, and allows customers to have a login username and password will not. If that same login username exists in both PayPal and the cleaning companies' customer portals, it's easier for the hacker to break into the less secure company data network to get passwords. Then use the data they collected into the bigger more robust secure networks giving the hackers more access to data to continue to breach other sites.

The getting access to the correct username and unique password are only one hoop for scammers to break through. If they can get that information if a company has a two-factor authentication it can help stop crooks or at least slow them down. These scammers were able to get authentic usernames for about 35,000 PayPal accounts in December.

PayPal Offers Breached Accounts Assistance 

PayPal reached out to the 34,942 customers that had their accounts hacked through this latest credential stuffing attack to let them know how to better protect themselves and their accounts in the present and against future attacks. PayPal’s customer accounts were attacked sometime between Dec. 6 and Dec. 8 last month. The breach wasn’t not discovered until Dec. 20.

Other ways customers can help protect themselves and their accounts is by using unique usernames and passwords for all online accounts. While annoying and inconvenient, having unique passwords and usernames is one of the easiest ways and free ways to protect individuals and their personal digital information. The affected accounts were also offered identity theft monitoring for two years through Equifax by PayPal according to CNET. 

Many companies offer a two-factor authentication to verify accounts before gaining access. Two factor authentication uses the username and password, but after those have been accurately entered, a code is sent via email, text or phone call to receive a code and enter it to gain access to the user account. While some hackers have found ways around using two factor authentication it is still best used with unique usernames and passwords to guard customers.