PayPal is considered one of the most popular online payment methods worldwide. Its ease of use and buyer protection make it the standard for many when it comes to online payments. But now an incident is causing concern: A hacker claims to have obtained millions of login credentials. It's not yet been conclusively proven whether all the information is correct, but the threat to PayPal accounts is real.
Data thefts have become part of everyday life online. They become particularly serious when login credentials for payment services like PayPal are involved, since these are directly linked to bank accounts or credit cards. In the current incident, a data package is circulating under the title "Global PayPal Credential Dump 2025." It contains millions of login credentials – and could affect users worldwide.
15.8 million login credentials in circulation
In a relevant forum, a user named "Chucky_BF" appears with a dubious offer. For 750 euros, he is offering a data package allegedly containing 15.8 million PayPal logins. The package is approximately 1.1 gigabytes in size and, according to his description, contains not only email addresses but also passwords in plain text. The records also include associated URLs that could be used together with the login credentials. The data is said to have originated from a leak on May 6, 2025. An initial look shows that the data sets contain both real accounts and test and fake profiles. Such mixtures are not uncommon with stolen data and make it difficult to immediately assess the true extent of the leak.
Origin of the data
Evidence suggests that the data wasn't stolen directly from PayPal itself. It's much more likely that cybercriminals used so-called infostealer malware. This malicious software is installed on infected devices and reads login credentials and other information. This could have led to millions of PayPal login credentials being compromised via users' own computers.
Risks to affected accounts
Trading stolen credentials can have serious consequences. Attackers could make unauthorized withdrawals, misuse accounts for phishing campaigns, or use stolen data for identity theft. While not all of the 15.8 million records are likely to be authentic, even a subset is enough to cause significant damage.
Recommended immediate measures
To mitigate potential risks, some steps are considered particularly important:
- The password should be changed immediately, using a strong combination of letters, numbers, and special characters. (For Apple users, we recommend the Passwords app!)
- Account transactions must be checked regularly to quickly identify unauthorized debits.
- Emails claiming to be from PayPal should be carefully checked, as phishing messages may be circulating.
- Two-factor authentication provides additional protection and should definitely be enabled if it is not already set up.
Security at PayPal: Responsibility also lies with the users
The recent PayPal leak, involving 15.8 million login credentials, demonstrates once again how valuable digital identities are online. Whether the published figures are fully accurate remains to be seen, but the risk for PayPal users is serious. Those who change their passwords, use two-factor authentication, and keep an eye on their account activity significantly reduce the risk. PayPal itself remains a secure and established payment service. Nevertheless, the incident demonstrates that the security of online accounts always depends on user behavior. Vigilance is the most important protection. (Image: Shutterstock / Ink Drop)