Payment solutions provider PayPal has sent emails to users informing them that its systems have recently been hit by a crash attack and that some user data may have been compromised.
PayPal explained that the crash attack took place between December 6 and December 8, 2022. The company discovered and mitigated the attack at the time, but also began an internal investigation to find out how the hackers gained access to the accounts.
PayPal concluded its investigation on 20 December 2022, confirming that an unauthorized third party had logged into the account using valid credentials.
PayPal said its investigation into the crash attack found no evidence that it was caused by a system vulnerability and no evidence that the attackers stole this user information directly from PayPal.
PayPal’s data breach report shows that a total of 34,942 users were affected by the incident. Over the course of two days, the hackers obtained account holders’ full names, dates of birth, postal addresses, social security numbers and personal tax numbers.