Massive PayPal Data Leak: Is It Real or a Hackers' Hoax?

August 23, 2025 07:27 AM
  • Experts Skeptical as Hackers Claim to Leak 16 Million User Credentials

A massive dataset allegedly containing the login credentials for nearly 16 million PayPal users has surfaced on a well-known hacking forum, but cybersecurity experts are urging caution, suggesting the breach claims are likely exaggerated and the data may originate from a different source.

Hackers are attempting to sell a dump of 15.8 million stolen PayPal credentials, which they claim includes login emails and plaintext passwords, with the data allegedly stolen in May 2025. The dataset is structured to facilitate automated credential stuffing attacks, as it also includes associated URLs. While the hackers claim many of the passwords are "strong-looking," they admit a significant portion are reused, potentially diminishing the dataset's value. The alleged dump, if authentic, could be used for large-scale identity theft and financial fraud, and a wide range of users from countries worldwide could be affected, particularly in regions with high PayPal usage like the United States, Europe, and the UK.

However, doubts are mounting over the legitimacy of the claims. Experts who have examined a small sample of the data say it is insufficient to confirm the attackers' assertions. Furthermore, the surprisingly low price set for the database on the dark web—reportedly just $750—is highly suspicious. Historically, genuine, high-quality data dumps command a much higher price.

PayPal has officially denied any new breach of its systems, stating that the data likely stems from a 2022 "security incident". That incident, which involved credential stuffing attacks, affected only about 35,000 accounts and led to the company being fined by regulators earlier this year. Skeptics point out that the format of the new alleged dataset bears a striking resemblance to logs from infostealer malware, which quietly harvests credentials and other sensitive information from infected devices. The data, therefore, may have been stolen directly from users' computers rather than from PayPal's servers.

Regardless of the data's origin, the incident serves as a stark reminder of the persistent threat of cybercrime. The circulation of login details, even from older breaches or malware infections, can lead to long-term financial fraud and identity theft. Users who have reused their PayPal credentials on other platforms are particularly vulnerable.

How to Stay Safe

To protect yourself, security experts recommend the following measures:

  • Change Your PayPal Password Immediately: Create a new, unique, and complex password that you have not used on any other website or service.
  • Enable Multi-Factor Authentication (MFA): This adds a crucial extra layer of security, making it significantly harder for attackers to access your account even if they have your password.
  • Monitor Your Accounts: Regularly check your PayPal account for any suspicious or unauthorized activity.
  • Use Strong Internet Security Software: A robust security suite with firewall protection can help prevent infostealer malware from infecting your device.
  • Be Cautious Online: Avoid clicking on suspicious links or downloading attachments from unknown sources, as these are common ways that infostealer malware is distributed.
  • Consider Identity Theft Monitoring: For added peace of mind, consider a service that monitors the dark web for your personal information.