PayPal breach exposed nearly 16M login credentials, hackers claim


A dataset allegedly containing 15.8 million PayPal credentials, including login emails and plaintext passwords, was posted on a popular data leak forum. Hackers claim that the data is recent. Meanwhile, PayPal denies data breach claims.

Key takeaways:

Following the alleged PayPal hack, a credential leak post appeared on a well-known data leak forum that is used to leak and sell stolen data. The ad’s author claims the dataset includes millions of PayPal credentials with emails and passwords.


The company's representative told Cybernews that no data breach took place and the attackers' post relates to an earlier incident.

PayPal credentials leaked

“There has been no data breach – this is related to an incident in 2022 and not new,” the company's representative told Cybernews in an email.

PayPal experienced a large-scale credential stuffing attack in 2022 that exposed 35,000 accounts. In early 2025, the company agreed to pay $2M to US regulators to settle regulatory action, after officials determined PayPal had failed to comply with New York's cybersecurity regulation.

Attackers' data breach claims: What we know so far

Meanwhile, the attackers claim that they obtained the data in May of this year. The allegedly stolen details include sensitive information such as:

  • Login emails
  • Plaintext passwords
  • Associated URLs
  • Variants


According to the attackers, the dataset includes information from numerous PayPal accounts worldwide. If confirmed, the data dump would pose serious risks to the company’s users.

For one, the allegedly leaked information reveals login credentials, a crucial type of information necessary to access PayPal accounts. While PayPal users often have multi-factor authentication enabled, knowing access details would eliminate the first line of defense against attackers.

Moreover, the attackers claim the data dump includes associated URLs, pointing attackers directly to services linked with allegedly leaked information. Based on the data sample that the attackers provided, the dump is structured to enable cybercrooks to carry out automated credential stuffing attacks.

Attackers note that while the alleged leak includes “thousands of unique and strong-looking” password strings, many are reused. This could mean that the amount of data useful for attackers is much smaller than the post’s author would like to admit.


The Cybernews research team looked into the attackers’ claims, but could not verify their validity. The data sample provided is too small to draw any conclusions. Researchers added that if the data was taken in May, most of what was useful would probably have been exploited by now.

Interestingly, the supposedly massive data dump is sold for an amount that hardly matches the attackers’ claims. This could point to the actual quality of the alleged data dump.

PayPal has never suffered a major data breach, which could be an indication that attackers obtained the data in some other way. One possible explanation could be infostealer malware.

Cybernews recently wrote about billions of records in numerous databases, made up of information that was likely stolen using infostealers. For example, infostealer malware often structures the data it takes with a URL, followed by login details and a password. The post alleging the PayPal breach indicates that the data is structured exactly like that.
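As an added example (not code from the article or from Cybernews), this is the kind of triage a researcher runs on a leaked sample before taking its size at face value: it parses constructed lines in the url/login/password layout described above and reports how many entries are distinct and how many share a password, which is what shrinks the usable portion of a dump. The exact line format and the regular expression are assumptions about that layout.

```python
"""Triage a credential sample in infostealer-style url:login:password layout."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample data (not from any real dump). Colons separate the
# fields; the URL keeps its scheme, so the first ':' after '://' ends it.
SAMPLE_LINES = """\
https://www.paypal.com/signin:alice@example.com:Summer2024!
https://www.paypal.com/signin:bob@example.net:Summer2024!
https://www.paypal.com/myaccount/login:carol@example.org:Xk9#pL2$wQ
https://www.paypal.com/signin:alice@example.com:Summer2024!
https://example-shop.test/login:dave@example.com:Summer2024!
not a credential line
https://www.paypal.com/signin:erin@example.com:Tr0ub4dor&3
"""

# Assumed layout: scheme://host/path (no port), then login (no ':'),
# then the password, which may itself contain ':'.
LINE_RE = re.compile(r"^(\w+://[^:\s]+):([^:\s]+):(\S+)$")


def parse_line(line):
    """Return (url, login, password) or None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None


def triage(text):
    """Summarise how much of a sample is actually distinct and reusable."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    unique = set(records)                       # exact duplicate lines collapse
    pw_counts = Counter(pw for _, _, pw in unique)
    hosts = Counter(urlsplit(url).hostname for url, _, _ in unique)
    return {
        "lines": len(text.splitlines()),
        "parsed": len(records),
        "unique": len(unique),
        "distinct_passwords": len(pw_counts),
        # entries whose password is shared with at least one other entry
        "reused_password_entries": sum(c for c in pw_counts.values() if c > 1),
        "hosts": dict(hosts),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

A sample where "unique" and "distinct_passwords" are far below "lines" supports the article's point that the post's headline figure overstates what an attacker could actually use.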


What are infostealers?

Infostealers are a type of malware that quietly sneaks onto your device and digs through your personal data. They don’t lock your screen or slow things down like some other threats. Instead, they stay hidden and pull out whatever they can find, things like saved passwords, autofill details, browser cookies, credit card numbers, and even access to crypto wallets.

These things usually end up on your device after clicking on something sketchy, downloading a fake program, or opening a shady email attachment. Once they’ve settled in, they move fast. Your data gets scooped up and sent off to whoever’s behind the attack, often without you ever knowing it happened. Some are clever enough to delete themselves afterward, so you might not even realize anything happened.

What makes it worse is how easy they are to get. Anyone can buy or rent an infostealer on dark web forums, no tech skills needed. Tools like RedLine, Raccoon, and Vidar are all over the place and have been used in some massive data breaches recently, including some tied to Snowflake in 2024 and 2025.

And they’re not just a problem for Windows users anymore: some of these tools are built to hit macOS and even Android devices, so no one’s really off the hook. Users potentially affected by the alleged breach are advised to use a reliable password manager and change their PayPal passwords.


Updated on August 18th [03:35 p.m. GMT] with a statement from PayPal.
