Severity
High
Analysis Summary
In a recent data breach notification, PayPal has informed 34,942 users that their account information may have been exposed during a credential stuffing attack.
Credential stuffing is a type of cyber attack in which threat actors take lists of stolen login credentials (username and password combinations) and automate attempts to log in to accounts on other services with them, relying on users having reused the same password.
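As an added illustration that is not part of the Rewterz advisory, the Python sketch below shows the detection heuristic that separates credential stuffing (one source cycling through many distinct usernames, almost all of them failing) from ordinary failed logins or a single-account brute force. The log format, IP addresses, thresholds and window are constructed assumptions, not PayPal data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth-log lines (not real PayPal data): timestamp, source IP, username, result.
# 203.0.113.7 cycles through many distinct usernames, nearly all failing (stuffing pattern);
# 198.51.100.9 retries one account and 192.0.2.44 logs in once, so neither should be flagged.
SAMPLE_LOG = """\
2022-12-06T10:00:01Z 203.0.113.7 alice FAIL
2022-12-06T10:00:02Z 203.0.113.7 bob FAIL
2022-12-06T10:00:02Z 203.0.113.7 carol FAIL
2022-12-06T10:00:03Z 203.0.113.7 dave OK
2022-12-06T10:00:04Z 203.0.113.7 erin FAIL
2022-12-06T10:00:05Z 203.0.113.7 frank FAIL
2022-12-06T10:00:20Z 198.51.100.9 alice FAIL
2022-12-06T10:00:25Z 198.51.100.9 alice FAIL
2022-12-06T10:00:40Z 198.51.100.9 alice OK
2022-12-06T11:30:00Z 192.0.2.44 grace OK
"""

def parse_events(text):
    """Parse log lines into (timestamp, ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")), ip, user, result))
    return events

def detect_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Flag source IPs trying >= min_users distinct usernames inside `window` with a failure ratio >= min_fail_ratio."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span [start, end] fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            fails = sum(1 for e in win if e[3] == "FAIL")
            ratio = fails / len(win)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                # Later windows overwrite earlier ones, so the widest qualifying window is kept.
                flagged[ip] = {"users": len(users), "attempts": len(win), "fail_ratio": round(ratio, 2)}
    return flagged

def run_sample():
    return detect_stuffing(parse_events(SAMPLE_LOG))
```

The distinct-username count is what matters: a brute force against one account trips a per-account lockout, while stuffing spreads one or two attempts over thousands of accounts and only shows up when events are grouped by source.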
According to PayPal, the credential stuffing attack occurred between December 6 and December 8, 2022. Threat actors gained access to user names, addresses, Social Security numbers, personal tax identification numbers, dates of birth, and of course transaction histories. The company is issuing breach notification letters to the impacted clients.
“On December 20, 2022, we confirmed that unauthorized parties were able to access your PayPal customer account using your login credentials. We have no information suggesting that any of your personal information was misused as a result of this incident, or that there are any unauthorized transactions on your account. There is also no evidence that your login credentials were obtained from any PayPal systems,” reads the letter sent by the company.
The cyber criminals in this case likely obtained the login credentials from a third-party data breach and then used them to try to gain access to PayPal accounts. PayPal has taken steps to secure the affected accounts, such as requiring users to change their passwords, and has implemented additional security measures to prevent similar incidents in the future.
Additionally, PayPal is notifying the impacted users of the incident and is encouraging them to take steps to protect their personal and financial information, such as monitoring their accounts for suspicious activity and being cautious of phishing emails. It is important to mention that PayPal is not the only company that has been targeted by these types of attacks, and it is advisable to use unique and strong passwords for different accounts, enable two-factor authentication, and be vigilant of suspicious emails or messages.
“We reset the passwords of the affected PayPal accounts and implemented enhanced security controls that will require you to establish a new password the next time you log in to your account” – PayPal
Alon Gal, CEO of Hudson Rock, warns that over one million PayPal credentials are available in the cybercrime underground, having been gained through info-stealer infections.
“tbh 35,000 is peanuts, Hudson Rock info-stealers data indicates they have over 1,350,000 users’ credentials that are in the hands of hackers, with more getting added every day (not to mention some compromised PayPal employees as well).”
Impact
- Personal Information Theft
- Credential Stuffing
Recommendations
- PayPal recommends that customers use two-factor authentication (2FA) protection from the ‘Account Settings’ option, which can prevent unauthorized parties from accessing an account even if they have a valid login and password.
- The company strongly advises recipients to change their passwords for other online accounts to a unique and lengthy string. A decent password should be at least 12 characters long and contain both alphanumeric and symbol characters.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets.
- Ensure that general security policies are employed including: implementing strong passwords, correct configurations, and proper administration security policies.
- Do not use the same password for multiple platforms, servers, or networks.