A cybercriminal is offering to sell a “massive 2025 PayPal breach” on a cybercrime forum, claiming it exposes “15.8M credential pairs in plaintext,” with “raw email: password:url entries across global domains.” The price is just $750.
While Chucky_BF claims his leak is a high risk for credential stuffing, phishing, and fraud campaigns,” there is no confirmation yet that this is new data and not just a PayPal delineated subset from wider infostealer troves.
According to HackRead, which first reported the sale, the samples “show Gmail addresses paired with passwords and linked directly to PayPal’s login pages, while another features a user account appearing in both web and mobile formats, showing that the same account details were found in different versions of PayPal’s services.”
This seems to suggest “a mix of real accounts and test or fake ones, which is often the case with stolen databases.” The dataset includes plenty of reused passwords, which is a wider risk for those using the same email and passwords across multiple accounts.
There’s now so much data out there, that separating new from rehashed takes time, as we saw with the infamous 16 billion record new data breach that never was. What is undeniable, though, is that your passwords and email addresses are guaranteed to have leaked or breached or been stolen somewhere, and they will now be for sale.
Whether or not this is a new or an existing data breach, and even if it’s not all real, the advice is the same. You should access your PayPal account settings, go to Security, and ensure your password is strong and unique, you enable 2FA using an authenticator app, and that you add a passkey to your account. All that takes under 2 minutes.
That way you can read the procession of “massive” data breach headlines without worrying about your devices, your money or your identity. Conversely, if you still have accounts protected by nothing but passwords and SMS codes, you need to act now.
As for this breach, HackRead says “if the claims are accurate, this would represent one of the larger PayPal-focused leaks of recent years, with millions of users across Gmail, Yahoo, Hotmail, and country-specific domains implicated.”
I have reached out to PayPal for any confirmation or comments.