A hacker collective recently posted a dataset on a prominent leak forum claiming it includes around 15.8 million PayPal login credentials—comprising emails, plaintext passwords, and related URLs that could facilitate automated hacks or identity theft. The group asserts the data was stolen in May 2025, describing some passwords as strong yet noting widespread reuse among them.
Security experts who have reviewed a sample from the dataset cast doubt on the claim. The sample is too small to confirm a breach on that scale, and the asking price for the full data is unusually low. Experts also note the dataset format resembles logs created by infostealer malware, which harvests credentials directly from infected devices rather than from a company’s systems,
PayPal has firmly denied that any new data breach took place. The company stated that the leak appears to stem from a past security incident and is not the result of a recent system compromise. The previous incident in 2022 impacted about 35,000 accounts and was already addressed by regulators.
Despite uncertainty over whether the leak is fresh or recycled, experts warn that compromised credentials remain a serious threat. Users who reuse passwords across multiple services are especially at risk, as these details could fuel identity theft even if they originate from older breaches.
To stay protected, security professionals recommend immediate password resets—particularly for PayPal and any other accounts where the same credentials are in use. Enabling two-factor authentication and using a password manager to generate unique credentials are strongly advised.
