In mid-August 2025, panic spread online after a hacker claimed to leak more than 15.8 million PayPal account credentials. The leak, advertised on dark web forums, included email addresses, passwords, and related login links.
The news created fear among users and businesses that depend on PayPal for daily transactions. However, PayPal has denied that its systems were hacked this year. The company says the leaked data does not come from a new breach but from older attacks where stolen credentials were reused.
Hacker leak raises global alarm
The leaked database appeared on underground websites where stolen information is often sold. What surprised experts and users was the price. The hacker offered the entire dataset for only two dollars. Such a low price led to suspicion about the authenticity of the leak.
Cybersecurity researchers who checked parts of the dataset reported that the information seems to have come from infostealer malware. These are programs that secretly capture passwords and account details when people type them on infected devices. Instead of being stolen directly from PayPal servers, the leaked data was likely collected from different sources over time and then packaged together.
This is not the first time PayPal has faced claims of stolen data. In 2022, credential-stuffing attacks exposed user details when criminals used passwords stolen from other sites to try logging in to PayPal. Security experts say the newly leaked data may also include information recycled from such earlier incidents.
While the hacker claimed it was a fresh dump, researchers could not confirm if the data was recent. Still, the leak contained PayPal-specific login points, including links for sign-ins and mobile apps. This suggests that the information could still be useful for fraud attempts.
PayPal response and risks for users
PayPal quickly responded to the reports. In statements shared with media, the company stressed that there is no evidence of a new hack in 2025. Internal investigations showed that PayPal’s systems were not breached. The company said the data was most likely taken from past malware infections or older attacks outside PayPal’s own platform.
Even though PayPal denied a fresh breach, security experts warn that the leak still poses risks. Many people use the same passwords across different platforms. This makes it easy for criminals to attempt logins with stolen details. If the leaked information includes reused passwords, hackers could access PayPal accounts, linked bank accounts, or credit cards.
Social media platforms quickly filled with worried posts. Some users said they rushed to change their passwords. Others urged people to enable two-factor authentication, which adds another layer of security. Many cybersecurity pages highlighted the need to use unique, strong passwords and avoid reusing the same password for different sites.
This is not the first time PayPal has had to defend its security record. In the past, breaches or attacks linked to the company or its subsidiaries have raised concerns. Older cases showed that outdated or recycled data can still be dangerous if users have not updated their account protections.
What users should do now
Experts and online security communities are urging PayPal users to act cautiously. Even if the leaked database is old, the information can still be misused. People who reuse passwords or have not updated their login details for years are at the highest risk.
Security professionals advise that PayPal users should immediately change their account passwords and make sure they are unique. They also recommend turning on two-factor authentication, preferably using an authenticator app instead of text messages. Checking personal email addresses on breach monitoring sites is another way to know if credentials have been exposed in earlier leaks.
Using a password manager is also suggested by experts, since it helps generate and store strong, unique passwords for every account. PayPal itself has advised users to keep an eye on their accounts and watch for unusual activity. Any unauthorized charges or strange login attempts should be reported without delay.
For businesses, the leak has raised wider concerns. PayPal’s statement that no new breach has occurred has not completely erased fears. With over 15 million account details circulating on the dark web, the possibility of fraud and identity theft remains a major issue.