More likely, the credentials were obtained through data breaches involving other online businesses.
It claimed to have uncovered no proof of a security flaw in its systems or that the user login information was stolen directly from PayPal. The widespread password reuse among its customers was to blame for a significant breach of personal data, PayPal said, as per the outlet. In addition to identifying the problem and taking steps to mitigate it, the company launched an internal investigation to learn how the hackers gained access to the account, GizChina reported. The fintech giant revealed in the said letter earlier this month that the attack occurred between Dec. A security incident alert letter has reportedly been sent to thousand so PayPal account holders, suggesting that 35,000 client accounts were compromised in a credential-stuffing attack.
