Data Security

Veracity of newly claimed PayPal breach questioned

PayPal settles for $2 million with New York State DFS over 2022 breach of customer accounts. (Adobe Stock)

More than 100,000 records with legitimate PayPal credentials in a combolist claimed to have been obtained by threat actors last month were dismissed as outdated data gathered from infostealer logs, according to Cybernews.

The Cybernews research team pointed to the unusually low number of records included in the exposed combolist and said attackers could have merely downloaded the potentially irrelevant logs from an infostealer or bot last month. The team also emphasized the significant time and effort required to compromise PayPal accounts that are mostly protected with multi-factor authentication.

The development comes months after claims that hackers had stolen a dataset with 15.8 million credentials from PayPal. PayPal refuted the assertions, noting that the data had come from a widespread credential stuffing intrusion in 2022 that leaked 35,000 accounts. While PayPal has yet to be impacted by a major breach, increasingly advanced infostealing malware continues to be a threat, researchers added.
