So now its 20th January 2023 and I just get a news message that Paypal has admitted it has had a data a breach back in December last year.
From the news story on 19 January posted in Bleeping computer.
PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data.
Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites.
According to the data breach reporting from PayPal, 34,942 of its users have been impacted by the incident. During the two days, hackers had access to account holders' full names, dates of birth, postal addresses, social security numbers, and individual tax identification numbers.
Transaction histories, connected credit or debit card details, and PayPal invoicing data are also accessible on PayPal accounts.
I wonder if this is why they removed the one-time codes back in December 2022
