A dataset allegedly containing login details of nearly 16 million PayPal users has surfaced on a popular hacking forum, sparking concerns among customers. The information reportedly includes email addresses, plaintext passwords, and linked URLs that could be exploited for credential-stuffing attacks or identity theft.

Hackers claim the data was stolen in May 2025, but PayPal has denied reports of a fresh breach. In a statement, the company said the information is likely connected to older security incidents and malware-driven credential theft rather than any new vulnerabilities in its systems.
As reported by Cybernews, the company stated, “There has been no data breach – this is related to an incident in 2022 and not new.”
The dataset, first reported by Cybernews, is being sold on dark web marketplaces for just $2, a suspiciously low price that has led many researchers to question its authenticity. Security experts also point out that if such a massive breach had occurred recently, there would have been signs of widespread misuse already.
This is not the first time PayPal has faced scrutiny over data security. A 2022 incident exposed 35,000 accounts and led to a $2 million fine from the New York State Department of Financial Services for failing to comply with cybersecurity rules. The current claims, however, are far larger in scale.
Experts believe the new dataset may have been compiled using infostealer malware, which can harvest passwords, cookies, and other sensitive data from infected devices. Some versions of this malware can even erase themselves after exfiltration, making detection difficult.
Is PayPal still safe to use after the 2025 breaches?
PayPal remains one of the world’s biggest fintech companies and is bound by strict security regulations. The company has not reported any major new breaches so far. Regardless of whether the leak is new or fake, security professionals advise users to act with caution.
How to protect your PayPal account from being hacked
- The first step should be to reset your PayPal password immediately and update any other accounts that use the same credentials.
- Enabling multi-factor authentication and using a password manager to generate unique logins across services can further reduce risks.
- For added protection, experts recommend keeping antivirus software updated and considering identity theft monitoring services, which can alert users if their data appears online.
While PayPal continues to dismiss claims of a new breach, the alleged leak highlights how stolen credentials, new or old, remain valuable to cybercriminals. For users, the safest course of action is to update passwords now rather than wait for confirmation.