A post on a known data leak forum has raised concerns over a claimed dataset containing 15.8 million PayPal login credentials. According to the post’s author, the information was allegedly obtained in May 2025 and includes email addresses, passwords, and associated URLs. However, according to Cybernews, PayPal denies any recent breach, linking the incident instead to a previously reported credential stuffing attack from 2022.
The leak has not been independently verified. Cybersecurity researchers have examined a small sample provided by the attackers but stated it was insufficient to determine the authenticity or scope of the data. The low asking price for the dataset has also raised questions about its quality, with experts suggesting that many credentials may be outdated, fabricated, or reused.
PayPal maintains that there has been no new data compromise, attributing the dataset to fallout from the 2022 credential stuffing incident, which affected around 35,000 accounts. That incident involved attackers using stolen credentials from unrelated breaches to access PayPal accounts. In early 2025, the company agreed to pay $2 million in a settlement with U.S. regulators over compliance failures related to that event.
Despite PayPal’s denial of a new breach, the latest leak—if valid—could still put users at risk. Plaintext credentials give threat actors a direct route into user accounts, especially if multi-factor authentication is disabled or inconsistently applied. The inclusion of URLs linked to services could also aid attackers in launching automated campaigns against third-party platforms.
Cybernews researchers noted that many of the leaked passwords appear to be reused, reducing the actual number of useful combinations for attackers. Additionally, if the data was indeed stolen earlier this year, it is likely that the most valuable parts have already been exploited.
As of now, there is no clear evidence that a new security breach has occurred. Still, the appearance of such a dataset highlights the continued importance of strong, unique passwords and multi-factor authentication—especially on platforms that handle sensitive financial data.