More than 15.8 million PayPal accounts are being sold on the dark web, suspected to be related to a new data leak
PayPal has always been a 'fat bait' for cybercriminals, because this platform processes financial transactions for millions of users globally. Therefore, information about a huge database containing login information of 15.8 million PayPal accounts being sold on the dark web has caused a stir in the cybersecurity community.
According to sources like Hackread and Cybernews, the data dump, dubbed 'Global PayPal Credential Dump 2025', includes emails and plaintext passwords. Additionally, the seller claims to have access to user endpoints that can be exploited to automate logins and abuse many other PayPal services.
The entire data weighs about 1.1GB and is listed for $750.
PayPal confirmed to Cybernews that this is not a new vulnerability, but data related to a credential stuffing attack from 2022. At that time, many accounts were exploited by criminals using information leaked from other sources to log in illegally.
In early 2025, PayPal even had to pay a $2 million fine to US regulators for not having strong enough measures to protect sensitive user data such as phone numbers, emails, addresses and social security numbers.
Notably, the seller of the data denies that it came from the old attack, claiming that it was the result of a new cybersecurity incident that occurred in May 2025. Meanwhile, PayPal has never announced any incidents during this period.
This raises suspicions that the data may have been collected via infostealer malware. However, it is currently impossible to verify the authenticity of all the data without direct access.
While the truth behind it remains unknown, cybersecurity experts recommend that PayPal users immediately take the following safety measures:
- Set strong passwords and change them often.
- Enable multi-factor authentication (MFA) for added security.
- Monitor for unusual financial transactions and report any suspicious activity to your bank or PayPal immediately.
