PayPal is a very lucrative target for malicious actors since the platform is responsible for managing financial transactions for millions of users on a global scale. As such, it is extremely alarming when a malicious actor claims to have access to login credentials of millions of accounts and is selling them online.
According to multiple outlets which have seen the massive PayPal data dump, such as Hackread and Cybernews, the "Global PayPal Credential Dump 2025" repository on the dark web contains email addresses and plaintext password pairs for 15.8 million accounts. The seller also claims to have access to user-specific endpoints which can be leveraged to automate logins and abuse other PayPal services. Altogether, the trove weighs in at about 1.1GB, and the seller is asking for $750 for anyone who wants access to it.
PayPal downplayed this issue in a statement to Cybernews, claiming that the data dump is not a result of a new breach, rather, it is from a cybersecurity incident in 2022. In that year, PayPal suffered credential-stuffing attack, and in January 2025, the company paid a $2 million fine to U.S. regulators after it was deemed that its platform security measures weren"t strong enough to govern who gets access to personal user data like phone numbers, emails, addresses, and social security numbers.
That said, the seller has denied that this data comes from an older breach, and says that it is actually from an incident in May 2025. Interestingly, PayPal hasn"t disclosed any cybersecurity lapse that occurred during this timeframe. This indicates that if the data is indeed valid, it may have been captured through an infostealer malware. That said, it is impossible to verify the authenticity of the data without getting full access to it. As always, make sure you have a strong password that was recently updated and that you leverage multi-factor authentication (MFA) mechanisms.