Hackers claim 15.8M PayPal accounts leaked

<p>Hackers are making bold claims on a popular underground forum&comma; advertising what they say is a database containing 15&period;8 million stolen PayPal logins&comma; complete with emails&comma; plaintext passwords&comma; and related URLs&period; The dataset is allegedly from May 2025 and&comma; if real&comma; could make automated attacks like credential stuffing much easier to carry out&period;<&sol;p>&NewLine;<p><img class&equals;"alignnone size-full wp-image-5521" src&equals;"https&colon;&sol;&sol;www&period;wincert&period;net&sol;wp-content&sol;uploads&sol;2024&sol;08&sol;paypal-6605154&lowbar;640&period;png" alt&equals;"" width&equals;"640" height&equals;"640" &sol;><&sol;p>&NewLine;<p>The sellers insist that many of the passwords look strong and unique&comma; but also admit that a large chunk of them are reused credentials&period; That could lower the actual value of the leak&comma; since reused passwords often circulate in multiple breaches&period; Adding to the uncertainty&comma; security researchers who reviewed the small sample shared publicly said it wasn’t nearly enough to prove the dataset’s authenticity&period; If the breach really happened months ago&comma; much of the usable data may already have been exploited anyway&period;<&sol;p>&NewLine;<p>Suspicion also grows from the price tag&period; The attackers are asking for far less than what genuine&comma; high-quality data usually fetches on dark web markets&period; That alone has experts questioning whether the dump is legitimate or simply cobbled together from older stolen data&period;<&sol;p>&NewLine;<p>PayPal itself has denied any fresh breach&period; The company pointed instead to a 2022 incident&comma; when credential stuffing attacks exposed about 35&comma;000 accounts&period; That case led to regulatory fines earlier this year&comma; far smaller in scale than the millions of accounts now being claimed&period;<&sol;p>&NewLine;<p>Critics note that the supposed PayPal dataset looks strikingly similar to logs generated by infostealer malware&comma; which steals saved credentials and cookies from infected devices&period; These logs often include URLs paired with usernames and passwords&comma; just like the leaked sample&period; In other words&comma; the data may not come from PayPal’s systems at all&comma; but from compromised users’ computers&period;<&sol;p>&NewLine;<p>Whether this latest claim is genuine or not&comma; it highlights a bigger problem&colon; once personal information is stolen&comma; it doesn’t vanish&period; Stolen logins can resurface years later&comma; fueling identity theft&comma; fraud&comma; and scams&period; For anyone who has ever reused a PayPal password on other platforms&comma; the risk is still very real&period;<&sol;p>&NewLine;