Massive data breach sees 16 million PayPal accounts leaked online - here's what we know, and how to stay safe

Date:
Fri, 22 Aug 2025 20:25:00 +0000

Description:
Hackers claim a massive PayPal breach involving 15.8 million logins, although experts doubt authenticity, and the company insists it ties back to older incidents.

FULL STORY ======================================================================Hackers claim to be selling millions of PayPal logins, but experts suspect foul play The dataset allegedly includes passwords, emails, and URLs for automated attacks Experts say the leaked sample is too small to confirm authenticity, and its low pricing casts doubt about its legitimacy

Hackers recently announced on a well-known forum that they were selling a dataset of 15.8 million stolen PayPal credentials, allegedly including login emails and plaintext passwords.

The cybercriminals claim the information was stolen in May 2025, and the dataset contains not just emails and passwords but also associated URLs, making it easier for criminals to automate credential stuffing attacks and launch identity theft scams.

They also claim that while many of the leaked passwords appeared unique and strong-looking, a large portion were reused. If true, the value of the dump may be smaller than suggested. Doubts over the breach claims

However, experts who examined the small sample released to the public concluded it was insufficient to verify the attackers claims, noting if the breach really occurred in May 2025, much of the usable data might already
have been exploited.

Interestingly, the price set for the alleged database is surprisingly low, raising further doubts about its authenticity.

Historically, high-quality stolen data commands far higher prices on the dark web.

However, PayPal quickly denied any new breach, instead pointing to a security incident from 2022, which involved credential stuffing attacks and resulted
in regulators fining the firm earlier this year.

That event saw only 35,000 accounts exposed, a far cry from the millions now claimed by attackers.

Skeptics argue the resemblance between the alleged PayPal dataset and the structure of infostealer malware logs from an older event suggests foul play.

Infostealers quietly harvest passwords, cookies, and other details from infected devices, often packaging the data with a URL followed by login information.

It is quite common to find credentials listed in stealer logs that circulate on dark web marketplaces, but these are not directly from PayPals system;
they are from compromised user devices.

Regardless of whether this new claim proves genuine, the situation
underscores how easy it is for user information to circulate once stolen.

Leaked login details can enable identity theft and financial fraud long after the original compromise.

Users who have reused PayPal credentials on other platforms remain vulnerable to attack. How to stay safe Change your PayPal password and avoid reusing it across other services. Enable multi-factor authentication to add an extra layer of security. Monitor accounts regularly for signs of identity theft or unusual activity. Use a strong internet security suite with firewall protection. Be cautious with links and attachments that may carry infostealer malware. Consider dedicated identity theft monitoring services for added protection.

Via Cybernews You might also like Take a look at our roundup of the best business VPNs available now These are the best cloud document storage solutions to choose from Asus new laptops come with 5-year BIOS update warranty and 1-year McAfee+ premium subs



======================================================================
Link to news story: https://www.techradar.com/pro/massive-data-breach-sees-16-million-paypal-accou nts-leaked-online-heres-what-we-know-and-how-to-stay-safe


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)