A number of readers have asked if this security incident was a result of PayPal itself being compromised. The answer is an emphatic no; cybercriminals did not breach PayPal. The irony here is that it will have been breaches at other services that were behind the large-scale credential stuffing attack, which led to nearly 35,000 PayPal customer accounts being accessed by an unauthorized third-party criminal actor.