PayPal has reportedly filed a data breach with the US Attorney's Office.
Thousands of PayPal users are said to be affected by a data leak.
PayPal is currently contacting those affected.
Munich / dpa - There is mail that one would like to do without.
This certainly includes notifying a payment service provider that hackers have stolen the personal data.
A message like this is currently reaching thousands of PayPal users.
As reported by the German Press Agency (dpa), the payment platform PayPal discovered a hacker attack and reported it to the US public prosecutor's office.
Almost 35,000 customers are said to be affected by the data leak.
PayPal data leak - Hackers had access to names, addresses and social security numbers
According to PayPal, cybercriminals were able to gain access to names, addresses, social security numbers, tax identification numbers and dates of birth.
The company is currently informing the affected customers and has reset their passwords.
Even if the company asserts that there has been no misuse of the data so far, the customers have suffered damage.
Because once data has been published on the Internet, data misuse can occur at any time.
Those who use payment services automatically handle their data on the Internet.
A found "food" for hackers?
After all, almost two-thirds of Germans use financial apps such as PayPal or Klarna.
Hacker groups often blackmail companies and organizations on a large scale.
But the investigators don't sleep.
Now investigators from all over the world have broken up the network - with crucial support from Germany.
Data leak at PayPal - what is known in detail?
According to media reports, PayPal is said to have discovered the hacker attack on December 20, 2022.
The timely investigation revealed that the hacker attack had already taken place between December 6th and 8th.
Payment service provider PayPal then reported the unauthorized outflow of personally identifiable information (PII) to the Maine Attorney General - i.e. a data leak.
Attackers tested numerous access data in a so-called credential stuffing attack and were successful in almost 35,000 cases.
FYI: Credential stuffing is one of the most common cyberattack methods.
Previously leaked or illegally obtained credentials are used to bulk try them for unauthorized access to other services.
The attackers assume that users are using their login data with the same user names and passwords for several services at the same time.
According to PayPal's ad, the criminals gained access to customers' names, addresses, social security numbers, tax identification numbers and dates of birth.
A notification has now been sent to those affected.
According to PayPal, PayPal has not yet received any information
Lawyers inform what consequences the data leak at PayPal can have
At first glance, not much has happened for PayPal customers, writes the law firm Dr.
Stoll & Sauer.
But the next spam and phishing wave is rolling towards consumers.
There is a high risk that fraud attempts will be made with the help of SMS, e-mail or malware.
Since there have been major data breaches on social media accounts such as Facebook, the risk of criminals linking personal data is growing.
In the worst case, they could end up impersonating consumers and doing business on behalf of the victims.
Is my data hacked?
What can confused PayPal customers do?
Exploiting a data leak is also a loss of control over your own, sometimes sensitive, data.
If the data is hacked, it can always be used by criminals.
The danger lies in the future.
If you are unsure whether your data has been hacked, you can contact PayPal.
Users of the payment service have the right to know whether they have been affected by the data leak.
According to Article 15 of the European General Data Protection Regulation (GDPR), the company must provide you with information within four weeks.