PayPal has confirmed that nearly 35,000 users may have been affected following a data breach between December 6 and December 8, 2022. The suspected ‘credential stuffing’ attack may have meant that details like users’ names, addresses, Social Security numbers, tax ID numbers, and/or dates of birth may have been viewed but there is no current evidence that the data has been misused. PayPal has now informed (by email) and reset the passwords for the affected users, added enhanced security controls, and given affected users one year free identity monitoring services through Equifax.