Online leak of PayPal passwords: Millions of accounts potentially compromised - check if yours is at risk?
In a concerning development, nearly 16 million PayPal login credentials have been reportedly offered for sale on the darknet. The data, suspected to come from an info-stealer program, is being circulated on an underground forum under the name "Chucky_BF".
Specialist portals like Heise and Hackread have expressed doubts about the data's authenticity, suggesting it might have been obtained through phishing attacks or info-stealers. The alleged data breach is said to have occurred on May 6, 2025.
Troy Hunt, a renowned cybersecurity expert, has expressed scepticism about the data being from PayPal. He affirmed that passwords are not stored in plain text by PayPal, which could indicate that the data might not be authentic.
To check if your PayPal data has been leaked online, you can use the "Have I Been Pwned" portal. You need to enter the email address associated with your PayPal account on this portal.
It's recommended to change your PayPal password as a precaution. However, it's crucial to avoid repetition of earlier passwords when protecting your data. The data offered for sale is unstructured, which supports the theory of phishing attacks or malware.
Test and fake accounts, as well as a typical structure, are indicative of the data originating from malware. While the seller claims to have millions of data sets, the price of 750 dollars for this data suggests questionable quality.
It's important to note that the alleged data breach does not necessarily mean PayPal's systems have been hacked. It's possible that individual user data ended up on the list through malware, phishing, or other scams. PayPal itself was likely not hacked.
As always, it's advisable to be vigilant about your online security and to use strong, unique passwords for all your accounts.
