Oh, good, right when I signed up for the first time.

Why the fuck does PayPal have anyone's SSN?

They operate as a bank and offer credit.

But they're not a bank! They just do everything that a bank does. Totally different which is why they don't require oversight like a bank. See?

I made the mistake of taking payment for something using PayPal and I couldn't withdraw the money without giving them my SSN. Such fucking bullshit and now even worse that it's been leaked. This is why I didn't want to give you my SSN PayPal! Fuck you!

It will be just like Equifax, after the lawyers take half the settlement everyone will get a check for $10 in the mail.

Just to make sure you understand, this is a credential stuffing breach. You would have had to use a shared password on PayPal and a different compromised site. If this does apply to you, you really need to think about changing all your passwords and make sure they’re unique per site or at least unique for each high level of risk site. IE banking, financial, isp/cellular, medical, email high risk. Social media medium. Forums low risk. Etc..

What's really stupid is Synchrony is who runs PayPal credit now but PayPal gatekeeps who can use it. PayPal should not have anyone's SSN to use PayPal credit, Synchrony should only have it.

Ahhh, thank you for the explanation. I'm probably safe because I use bitwarden to auto generate complex and unique passwords for anything important. I honestly don't even know my PayPal password.

Either way fuck them for holding my money ransom.

Yes, you’re safe then.

Not paypals fault that you reused your password.

Edit: credential stuffing attack means: The user used the same password for paypal as they have used elsewhere before.

I don't use PayPal lol

[deleted]

[removed]

Stop reusing passwords.

Hackers are constantly trying websites everywhere with username/password pairs stolen in breaches. Its programmatic, uses rotating proxies, and is hard to stop for most security/IT programs. If you reuse passwords, this will happen to you.

Fucking how. Get ur shit together Paypal

Social Security numbers at PayPal? Really?

Yup! I had to deal with this a couple years ago. I had to write a custom little thing to automate adding them to our firewalls from all our kibana logs.

They didn’t give a fuck, they’d cycle through hundreds and hundreds of IPs every day and management never let me block more then /32s. Went on for months…

Phewwww thank god I never signed up for that shit

Deleting my shit today, these companies are grossly unsecured.

[deleted]

And by the time you've blocked them, they've moved onto other IPs. I worked at a company that took these attacks very seriously but never found a way to block them. We just watched and reset the account passwords to prevent the accounts from being used.