An archive of 15.8 million PayPal credentials has appeared on a forum where leaked databases are sold. The authors of the listing claim it comes from a fresh hack, but the company officially denies any new leak and links the data to the 2022 incident.

Hackers published a post offering for sale a database that allegedly contains emails, plaintext passwords, and even the URLs associated with PayPal accounts. If the data is genuine, it could enable credential stuffing attacks and unauthorized access to accounts.
PayPal representatives said in a comment to Cybernews that this is not a new attack, but an old incident from 2022. At that time, the company suffered a large-scale credential stuffing attack, during which attackers compromised about 35 thousand accounts. In 2025, PayPal agreed to pay $2 million to US regulators for failing to comply with cybersecurity requirements.
Researchers note that the authenticity of the new database is currently unconfirmed: the sample provided is too small, and the low price at which the archive is being sold may indicate questionable data quality. The leak may originate from info-stealers, malicious software that steals saved logins, passwords and cookies from browsers.
PayPal has never officially reported large-scale leaks from its own servers. However, attacks using info-stealers have become a major problem in recent years. This type of malware is actively sold on darknet forums and can collect huge amounts of data, which is then presented as “hacked” accounts of large companies.
The situation with PayPal demonstrates that even without a direct hack of the company, users can be at risk due to info-stealers and password reuse. Experts advise enabling multi-factor authentication, changing passwords regularly, and checking for data leaks.