August 19, 2025, 9:51 am | Read time: 3 minutes
Now might be the time to change your PayPal login credentials. A hacker is currently claiming on the dark web to possess over 15.8 million data sets, which he is offering for sale. Users worldwide are affected.
Stolen PayPal Login Details from Multiple Countries
As an info post on X reveals, a figure named Chucky_BF is apparently behind the dubious offer. He claims to have over 15.8 million PayPal login details, which reportedly leaked back in May of this year.
The entire data set is said to be 1.1 gigabytes in size and includes email addresses from Gmail, Yahoo, or Hotmail, among others. Additionally, country-specific domains are reportedly present. Passwords were also stolen, which were in plain text and many of which were apparently reused multiple times. This means affected individuals could be at risk of a hack beyond PayPal. Furthermore, there are URLs associated with the logins that lead directly to login pages.
Multiple Fraud Possible
Chucky_BF claims that the stolen PayPal login credentials are particularly suitable for phishing, illegal account access, and other fraud campaigns. He allegedly demands $750 for full access.
At “Hackread,” some of the data has been examined. It was found that some logins appeared for multiple PayPal versions. Additionally, both real and fake or test accounts were found in the collection, which is typical for such hacks.
Data Leak with 16 Billion Passwords? What’s Really Behind the Reports
Major Attack on Gmail: Billions of Email Accounts at Risk
Was PayPal Hacked?
Whether all the data is authentic or if it might just be a reuse of an older leak is unknown. PayPal has not yet commented on Hackread’s inquiry.
It is also assumed that the so-called infostealer malware was used. This allows cybercriminals to infect target devices and steal stored logins, such as PayPal login details in this case. The data in the current collection may have been gathered from users worldwide. PayPal itself has never suffered a direct data breach. Therefore, it is not assumed that PayPal was hacked this time either.
TECHBOOK Recommends Changing Passwords
Although the data set for sale does not seem to contain any new leaked login data, PayPal requires two-factor authentication (2FA) by default—attackers can hardly do anything with just a password. Further phishing attacks or other social engineering approaches would be necessary to hijack an account.
We still recommend changing your PayPal password as a precaution. Popular password managers like those from Google and Apple now automatically indicate if your login details have become part of a data dump. It is worthwhile to follow the services’ suggestions. Alternatively, you can check on haveibeenpwned.com to see if logins have appeared in a data breach.