Between Dec. 6 and Dec. 8, 2022, cybercriminals compromised and harvested information from nearly 35,000 PayPal accounts in a credential stuffing attack, Paypal announced after an investigation into the incident. During the two-day window, the attackers gained access to highly sensitive information. This information included users’ names, dates of birth, postal addresses, social security numbers, and tax identification numbers.