Excerpt from Cybernews Article, Published on August 18, 2025
A massive PayPal credential dump allegedly containing 15.8 million login details, including plaintext passwords and emails, was recently posted on a popular underground forum. The data, which hackers claim was collected in May 2025, includes sensitive user information from PayPal accounts globally. The dump poses a significant risk because it exposes the credentials needed for account access, and attackers with sufficient information could potentially bypass multi-factor authentication.
While PayPal has not confirmed any direct breach of its systems, cybersecurity experts suspect the leaked data may originate from infostealer malware, which silently extracts saved passwords and sensitive details from infected devices. This type of malware is widely used, affecting not just Windows users but also macOS and Android platforms.
The PayPal credential leak is structured to facilitate automated credential stuffing attacks, with associated URLs linking directly to PayPal services. Though many passwords appear strong and unique, numerous others are reused, which could increase the chances of successful exploitation on other platforms as well. The dataset is being sold for a relatively low price, which raises doubts about its overall quality and authenticity.
PayPal users are advised to remain vigilant by updating passwords, enabling multi-factor authentication, and monitoring their accounts for suspicious activity. This incident shines a light on the ongoing cybersecurity challenges facing online financial platforms and the growing role of AI and malware in data breaches.