PayPal: 35,000 customers breached in credential stuffing attack

People who use the same password across many online sites are advised to change to a unique, secure password for each one. A strong password often has at least 12 characters, including symbols and alphanumeric characters.

Commenting on the incident, Ilia Kolochenko, founder of ImmuniWeb and a member of Europol Data Protection Experts Network, said: “It is at least surprising why MFA authentication is not enforced by default for such a sensitive service as PayPal.”

“Moreover, any unusual activity, such as login from an unknown location or new device should be rapidly reported to the user and the account may be temporarily suspended unless the user takes an action.

“Modern MFA technologies cost almost nothing to implement and should be enabled by default by financial service providers as a foundational security control. In the meantime, all users should urgently enable MFA everywhere, especially in view of the recent LastPass data breach.”

