$\"padlock$ <\/p>\n

Image: Mmh30 \/ Pixabay<\/span>\t\t\t\t<\/p>\n<\/p><\/div>\n

\n<\/p>\n

Another day, another major security breach. Following in the footstep of Twitter<\/a> and Experian<\/a>, on Thursday PayPal began notifying nearly 35,000 users that their accounts were breached between December 6 and 8. What\u2019s different here is the method attackers used to crack the accounts. PayPal itself wasn\u2019t hacked. Instead, the baddies used an attack known as credential stuffing\u2014leveraging previously leaked login information that people reused for their PayPal accounts.<\/p>\n

\u201cDuring the two days, hackers had access to account holders\u2019 full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers,\u201d reports. \u201cTransaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.\u201d<\/p>\n

Oof<\/strong>.<\/p>\n

That\u2019s some seriously personal information to leak. PayPal halted the intrusion within two days, reset the passwords for affected users, and says no unauthorized transactions were attempted. It\u2019s also giving affected users two free years of credit monitoring from Equifax, per Bleeping Computer.<\/p>\n

But this attack didn\u2019t need to happen. Again: PayPal wasn\u2019t hacked, and none of these accounts would have been compromised if their owners followed some fundamental online security practices.<\/p>\n

Don\u2019t reuse passwords across accounts, especially ones that hold ultra-sensitive private or banking information (like PayPal). A good password manager<\/a> makes that easy, and free options are available. Having two-factor authentication enabled also would stymie these credential-stuffing attacks. PayPal offers the security option under its Account Settings menu. Our guide to setting up two-factor authentication the right way<\/a> can help if you\u2019re unfamiliar with the term.<\/p>\n

Please do both now if you aren\u2019t already. They\u2019re the first two pieces of advice in 5 easy tasks to supercharge your security<\/a> for a reason.<\/p>\n

PayPal might not have been hacked, but it isn\u2019t completely without blame here either. Baber Amin, the COO of Veridium, sent the following thoughts over email:<\/p>\n

\n
\u201cAs trusted vendors, PayPal and others need to set a higher bar here.\u00a0 Vendors should implement:<\/p>\n
Processes to monitor and identify anomalous behavior, like the vast number of login failures from a credential stuffing attack.\u00a0 There are multiple tools and services that can do this now. For PayPal to take multiple days to catch this should not be acceptable.<\/p>\n
Actively encourage customers to use two-factor authentication, and not just provide it as an option.<\/p>\n
Actively eliminate passwords from their user-facing systems by fast tracking Fido Passkey adoption.\u201d<\/p>\n<\/blockquote>\n
The last part is a bit self-serving, as Veridium is a cybersecurity firm focused on passwordless authentication, but it\u2019s still good advice for PayPal. We\u2019ve seen major tech companies like Apple, Google, and Microsoft recently commit to passwordless futures<\/a>.<\/p>\n
Until we reach that point, however, protecting your passwords and accounts remains critical, as this PayPal breach drives home. Get your security ducks in a row<\/a> and stay safe out there, folks.<\/p>\n
<\/body><\/div>\n
\n
\n\t\t
\n\t\tAuthor: Brad Chacos<\/a>, Executive editor\t\t<\/h3>\n
\n
\n
\n\t\t\t\t<\/p>\n
Brad Chacos spends his days digging through desktop PCs and tweeting too much<\/a>. He specializes in graphics cards and gaming, but covers everything from security to Windows tips and all manner of PC hardware.<\/p>\n<\/p><\/div>\n
\n
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t
Read More<\/a>
\n Johnathon Klemp<\/p>\n","protected":false},"excerpt":{"rendered":"
Image: Mmh30 \/ Pixabay Another day, another major security breach. Following in the footstep of Twitter and Experian, on Thursday PayPal began notifying nearly 35,000 users that their accounts were breached between December 6 and 8. What\u2019s different here is the method attackers used to crack the accounts. PayPal itself wasn\u2019t hacked. Instead, the baddies<\/p>\n","protected":false},"author":1,"featured_media":599370,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23795,3378,46],"tags":[],"class_list":{"0":"post-599369","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-accounts","8":"category-paypal","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/599369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=599369"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/599369\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/599370"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=599369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=599369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=599369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

\n\t\t\n\t\tAuthor: Brad Chacos<\/a>, Executive editor\t\t<\/h3>\n\n\n\n\t\t\t\t<\/p>\n