- Hackers claim to be selling millions of PayPal logins, but experts suspect foul play
- The dataset allegedly includes passwords, emails, and URLs for automated attacks
- Experts say the leaked sample is too small to confirm authenticity, and its low pricing casts doubt about its legitimacy
Hackers recently announced on a well-known forum that they were selling a dataset of 15.8 million stolen PayPal credentials, allegedly including login emails and plaintext passwords.
The cybercriminals claim the information was stolen in May 2025, and the dataset contains not just emails and passwords but also associated URLs, making it easier for criminals to automate credential stuffing attacks and launch identity theft scams.
They also claim that while many of the leaked passwords appeared unique and “strong-looking,” a large portion were reused. If true, the value of the dump may be smaller than suggested.
Doubts over the breach claims
However, experts who examined the small sample released to the public concluded it was insufficient to verify the attackers’ claims, noting if the breach really occurred in May 2025, much of the usable data might already have been exploited.
Interestingly, the price set for the alleged database is surprisingly low, raising further doubts about its authenticity.
Historically, high-quality stolen data commands far higher prices on the dark web.
However, PayPal quickly denied any new breach, instead pointing to a “security incident” from 2022, which involved credential stuffing attacks and resulted in regulators fining the firm earlier this year.
That event saw only 35,000 accounts exposed, a far cry from the millions now claimed by attackers.
Skeptics argue the resemblance between the alleged PayPal dataset and the structure of infostealer malware logs from an older event suggests foul play.
Infostealers quietly harvest passwords, cookies, and other details from infected devices, often packaging the data with a URL followed by login information.
It is quite common to find credentials listed in stealer logs that circulate on dark web marketplaces, but these are not directly from PayPal’s system; they are from compromised user devices.
Regardless of whether this new claim proves genuine, the situation underscores how easy it is for user information to circulate once stolen.
Leaked login details can enable identity theft and financial fraud long after the original compromise.
Users who have reused PayPal credentials on other platforms remain vulnerable to attack.
How to stay safe
- Change your PayPal password and avoid reusing it across other services.
- Enable multi-factor authentication to add an extra layer of security.
- Monitor accounts regularly for signs of identity theft or unusual activity.
- Use a strong internet security suite with firewall protection.
- Be cautious with links and attachments that may carry infostealer malware.
- Consider dedicated identity theft monitoring services for added protection.
Via Cybernews
