PayPal, the most popular online payment platform, announced that 35,000 accounts were compromised by a security breach on December 20, 2022. Between December 6, 2022 and December 8, 2022, an unauthorized party could have viewed and possibly obtained personal information from PayPal customers. PayPal immediately notified law enforcement after it was aware of the breach.
Credential stuffing was the cause of the data breach, according to the Maine Attorney General. Credential stuffing is when an attacker uses stolen login credentials to gain access multiple accounts. Because many people share the same password, this attack is very common. To ensure maximum security, each account should have a unique password that is strong and must be kept updated.
PayPal has reset the passwords of affected accounts as a result. The affected individuals will also be eligible for a free Equifax identity monitoring service for two years. Equifax services enable individuals to monitor credit reports and spot suspicious activity such as fraudulent credit applications or opening bank accounts.
PayPal encourages users to take proactive steps to ensure their safety. You can update passwords, change security questions, or enable 2-step verification. A secondary verification method is required in order to add security to an account's 2-step verification process. A secondary verification method that is common includes a code sent by text message, phone call or authentication application.
It is important to keep up with new threats and take steps to protect your accounts. This incident is a reminder about the importance of protecting personal information online. Consumers should not only use strong passwords but also enable 2-step verification. They should also monitor their credit reports. Be suspicious of any emails or phone calls purporting to be from a financial institution.
Data breaches are increasing, making it more important to protect personal information. Consumers can minimize the chance of being a victim to data breaches by taking proactive steps and keeping abreast of the latest threats. This incident is a reminder to all of us to secure our personal data.
Data Breach at GoTo Webinar - Customer Information Compromise
GoTo issued a statement on January 23rd 2023, detailing an update to their ongoing investigation into data breaches. This incident is important for business owners and their security practices.
Information about the Hack:
GoTo Meeting/Webinar claims that the attackers gained access to customer information and were first identified on November 30, 2022. The attackers probably gained access to customer data and may have interacted with encrypted backups of user information as well as Multi Factor Authentication (MFA), settings. It is not clear how many accounts were affected.
The Scope of the Attack
GoTo stated that the attack affected customers who used its products such as Central Hamachi, Pro and RemotelyAnywhere. The company noted that no personal data, such as dates, home addresses or Social Security numbers, was compromised. This type of data is not stored or collected by GoTo.
Furthermore, all user data that is accessed from GoTo remains secure. The company wants to make sure that no personal information is left unencrypted by its customers for phishing attacks.
Response from the Company:
GoTo quickly contacted affected users to address any possible damage. It also reset passwords and disabled MFA settings. Users were required to verify their accounts by performing additional steps. The company also stated that it is moving to an Identity Management Platform, which will offer greater security and visibility to its customers.
The impact on business owners and the general public:
Trust in GoTo's products has been severely damaged as well as the security of user's information. It is important for business owners to take the time to assess their security procedures and make sure they are current. Although it's difficult to assess the exact impact on businesses or the public, fraud or identity theft could be caused by the misuse of stolen information.
Businesses must take proactive measures to protect their sensitive accounts and information. It is important to
- use strong passwords
- multi-factor authentication on all accounts
- monitor suspicious activity regularly.
These best practices will help business owners reduce the chance of being hacked.
GoTo's data breach shows that even the most secure systems can be vulnerable to attack. Business owners need to be vigilant and proactive in protecting their accounts and data. These measures will ensure that sensitive information is not compromised. The best proactive measure you can take is to call Integrated Technology Systems today.
Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com
