PayPal President David Marcus said on Monday that his credit card details were stolen and the information was used to finance a fraudulent spending spree.
Marcus said the card was probably "skimmed" at the hotel he was staying at, or at a merchant he visited, during a recent trip to the U.K.
"They then cloned it and went on a shopping spree," the executive wrote on Twitter.
Marcus noted that his credit card had EMV chip technology, a more secure system currently in use in Europe. But that didn't stop the data from being stolen and used for a "ton of fraudulent" transactions, according to the PayPal chief.
A skimmer is a device fixed to the front of an ATM or point-of-sale terminal that secretly swipes credit and debit information when customers slip their cards into the machines to withdraw cash or pay for something. This malicious technology has been around for years, but skimmers are constantly improving it, according to cyber security expert Brian Krebs.
PayPal's Marcus did not waste an opportunity to tout his company's security benefits, saying the breach would not have happened if the merchant had accepted PayPal as a form of payment. PayPal says it does not share card or bank account details with merchants when shoppers use the service to buy something.
PayPal is trying to expand from its online roots to become a common way to pay in physical stores. The security of card transactions in retail locations has been questioned recently by the massive theft of customer data from Target.
"Obfuscating card data online, on mobile, and now more and more offline remains one of PayPal's strongest value props," Marcus added on Twitter.