PayPal has denied rumours that account information was released to the public.
Last week hacker group Lulz Security claimed to have released login information for 62,000 web accounts, including Facebook, PayPal, dating sites, Xbox Live and Twitter.
LulzSec said that it uploaded a file of the login data to the file sharing site MediaFire and reported thousands of downloads before it was removed. The page that was hosting the data now says ‘the file you requested has been removed from MediaFire for a violation of our Terms of Service or our Acceptable Use Policy'.
LulzSec said on its Twitter feed: “Releasing 62,000 possible account combinations is the loot for creative minds to scour; think of it like digging a very unique mineshaft.”
In response to this, PayPal denied that account information was released, saying reports were not accurate.
It said: “We wanted to assure you that the PayPal site has not been breached or hacked in any way. A group of hackers is claiming they have compromised another, less secure website and have secured the usernames and passwords of a number of accounts from that site.
“The hackers have released these login credentials to the public and have encouraged criminals to try accessing personal online accounts at a number of companies, including PayPal, with this information.
“These usernames and passwords are not necessarily associated with PayPal, but if people have used the same login credentials for multiple sites, including PayPal, then their accounts could be accessed by another person.”
It said that its security team became aware of this situation early on and proactively began monitoring a number of accounts for suspicious activity.
“PayPal always safeguards our customers from qualified unauthorised payments sent from their accounts. We regularly monitor for unusual activity on accounts and will work directly with customers if they suspect their accounts have been accessed fraudulently,” it said.