You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
Another friendly PSA to update those passwords, especially if you use the same ones across multiple accounts. Another breach has occurred, and it looks like attackers are using known login information used across multiple websites to get your data. This means an innocent little login on a long forgotten website might give bad actors access to more important things like your PayPal account.
According to Bleeping Computer, 34,942 PayPal users have been affected by this latest credential stuffing attack on its systems. Credential stuffing is an automated approach where as many known logins as possible are stuffed into a website, which is why password recycling is a problem.
Many websites won't have the kind of security that, say, your bank or PayPal will employ to protect your personal details. It makes sense: most people don't store their valuables in a plastic safe, but you also wouldn't put the PIN to your real safe inside one. If you're using the same password, especially if combined with the same login across multiple sites, it just makes things that much easier for the bad guys.
Best SSD for gaming: the best solid state drives around
Best PCIe 4.0 SSD for gaming: the next gen has landed
The best NVMe SSD: this slivers of SSD goodness
Best external hard drives: expand your horizons
Best external SSDs: plug in upgrades for gaming laptops and consoles
For the two days the attack was running, hackers had access to all sorts of personal information, including full names, birth dates, address, social security numbers, and tax identification. They could also see PayPal transaction details that include credit card and bank information.
But what's kind of weird is they didn't do anything with this information. At least, not yet. PayPal hasn't found evidence of the attackers trying to make transactions, or anything else from the sounds of things. It's uncertain if this was the efforts of someone simply seeing if they could, like the recent exposer of the TSA no-fly-list, or if we should expect more nefarious actions to follow.
PayPal has changed passwords and notified impacted users, along with providing two years worth of pro bono Equifax identity monitoring to keep an eye on things. The company recommends everyone enable two-factor authentication to help protect against these attacks in future, and of course change and stop recycling your passwords. Especially in places you plan to keep important stuff like your identity.
