
15.8M PayPal Accounts Exposed: Dark Web Credential Dump

Written by Adriana Aguilar | Aug 18, 2025 4:16:55 PM

Imagine this: A hacker announces on an underground forum that they are selling more than 15.8 million PayPal credentials. The package, called “Global PayPal Credential Dump 2025”, includes plain-text email and password combinations, along with direct links to PayPal login pages.

 

What’s inside the package?

 

According to the seller, the file is about 1.1 GB in size and contains records from multiple email providers across different regions. Unlike other generic “dumps,” this one includes specific paths such as /signin, /signup, /connect, and even Android login addresses — making it easier to automate login attempts and fraud attacks.

The published samples show Gmail accounts paired with passwords and linked directly to PayPal URLs, confirming that the dump could include access for both web and mobile platforms. While some passwords are unique and strong, the seller admitted that password reuse is common, which increases risks across other linked services.
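For a security team handed a sample of such a dump by a threat-intelligence source, the sketch below checks which addresses in its own domains appear, which of the PayPal paths they were captured on, and whether the same password shows up on more than one site. It is an added example, not part of the original article or the seller's data; the `url:email:password` line layout, the sample records and all function names are assumptions, since the article does not state the file format.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from urllib.parse import urlsplit

PAYPAL_PATHS = ("/signin", "/signup", "/connect")  # paths named in the article
RUN_KEY = os.urandom(32)  # per-run key: fingerprints are meaningless outside this process

# Constructed sample records; the url:email:password layout is an assumption.
SAMPLE = [
    "https://www.paypal.com/signin:alice@corp.example:Summer2025!",
    "https://shop.example.net/login:alice@corp.example:Summer2025!",
    "https://www.paypal.com/connect:bob@corp.example:x9$Lq-unique",
    "https://www.paypal.com/signup:carol@other.example:hunter2",
    "not a record",
]

def fingerprint(password):  # keyed hash; plaintext passwords are never stored
    return hmac.new(RUN_KEY, password.encode(), hashlib.sha256).hexdigest()[:16]

def parse_record(line):
    """Split from the right because the URL contains ':'; malformed lines return None."""
    parts = line.strip().rsplit(":", 2)
    if len(parts) != 3 or "@" not in parts[1]:
        return None
    url, email, password = parts
    u = urlsplit(url)
    if not u.hostname:
        return None
    return u.hostname.lower(), u.path or "/", email.lower(), password

def triage(lines, watched_domains):
    """Report, per watched address, the PayPal paths seen and cross-site password reuse."""
    hosts_by_fp = defaultdict(lambda: defaultdict(set))
    paypal_paths = defaultdict(set)
    for host, path, email, password in filter(None, map(parse_record, lines)):
        if email.rsplit("@", 1)[1] not in watched_domains:
            continue
        hosts_by_fp[email][fingerprint(password)].add(host)
        if ("." + host).endswith(".paypal.com") and path.startswith(PAYPAL_PATHS):
            paypal_paths[email].add(path)
    return {
        email: {
            "paypal_paths": sorted(paypal_paths[email]),
            "password_reused": any(len(h) > 1 for h in fps.values()),
        }
        for email, fps in hosts_by_fp.items()
    }
```

Calling `triage(SAMPLE, {"corp.example"})` flags the two addresses in the watched domain and marks the first as reusing one password across two hosts, which is the account to reset everywhere rather than only on PayPal.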

 

How much does the database cost?

 

The listed price is $750 for full access — relatively cheap considering the volume of data. This suggests that the target buyers are groups specialized in fraud, account theft, and resale of access.

If confirmed, this could be one of the largest PayPal-related leaks in recent years, impacting millions of users from domains such as Gmail, Yahoo, Hotmail, and more.

 


 

Where did the data come from?

 

Experts believe this was not a direct PayPal breach, but rather data stolen through infostealer malware. Such malware infects personal devices, extracts credentials saved in browsers, and packages them for sale on the dark web.

The fact that the dump includes PayPal-specific paths strengthens the theory that these are credentials collected from infected users worldwide, not from PayPal’s systems.

 

Is it real or a scam?

 

So far, there is no official confirmation from PayPal or conclusive proof about the authenticity of the entire dataset. Some experts think it could be a mix of real, old, and fake data. However, the mere circulation of these credentials is enough to raise serious concerns.

 


Screenshot allegedly showing PayPal data for sale on a hacker forum. (Source: Hackread.com)

 

What does this mean for you?

 

If you use PayPal, take precautions immediately:

 

  1. Change your password now and avoid reusing it across services.
  2. Enable two-factor authentication (2FA) for an extra security layer.
  3. Keep your devices and systems updated to reduce malware risks.
  4. Be cautious with links and emails — avoid fake login pages.

 


 

At TecnetOne, we help protect your business

 

This incident highlights the value of anticipating risks. At TecnetOne, we specialize in cybersecurity and can help you implement strategies against credential theft, phishing attacks, and infostealers.

Don’t wait to become the next victim — strengthen your defenses today.