“On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials,” the company said in the notification letter sent to the impacted individuals.
According to PayPal, between December 6 and 8, 2022, a third party accessed user accounts using login credentials obtained elsewhere. The unauthorized access was eliminated on December 8.
The company says the attackers likely obtained the login credentials via phishing or related nefarious activity, as it found no evidence that the company’s systems were breached.
