Thousands of individuals who had their accounts hacked through credential stuffing attacks that revealed some personal data are receiving data breach notices from PayPal. Attacks called “credential stuffing” include testing different username and password combinations obtained from data dumps on numerous websites in an effort to get access to an account. The credential stuffing assault, according to PayPal, took place between December 6 and December 8, 2022. The business discovered it at the time and took steps to mitigate it, but it also launched an internal investigation to determine how the hackers gained access to the accounts.