Hacker Offers to Sell 15.8 Million Plain-Text PayPal Credentials On Dark Web Forum

Alina BÎZGĂ

August 18, 2025

A hacker using the handle Chucky_BF is offering a batch of 15.8 million email–password pairs linked to PayPal for sale on a Dark Web marketplace. The data, said to be complete with PayPal-specific URLs across web and mobile endpoints, is being sold for just $750.  

According to Hackread, the data samples appear to contain credentials linked to Gmail accounts and cover both PayPal’s web and Android login pages, suggesting the data was likely gathered via infostealer malware rather than a breach of PayPal systems.

Here’s a list of the data dump contents, according to the seller’s post:

  • Login emails with gmail.com, yahoo.com, hotmail.com and other country-specific domains
  • Plaintext passwords, many of which are reused
  • Associated URLs
  • Credentials embedded in standard PayPal links alongside country domains and mobile formats

If legitimate, this dataset can be used in large-scale credential-stuffing attacks, targeted phishing and fraud campaigns. PayPal has not confirmed any data breach. Credential abuse of this scale more commonly stems from malware on users’ devices, not the company’s systems.

How to Stay Safe

Even if the authenticity of the data is uncertain, we recommend you safeguard your accounts and personally identifiable information by sticking to good cyberhygiene:

  1. Reset Your PayPal Password
    Change your PayPal login immediately. If the password was reused across other websites or platforms, reset it there as well. Choose a strong, unique password you haven’t used anywhere else.
  2. Enable Two-Factor Authentication (2FA)
    This adds an extra barrier for attackers, even if they have your credentials.
  3. Use a Password Manager
    A password manager helps you create and store complex, unique passwords for each online account. This prevents credential reuse and makes your accounts far harder to breach.

If you’re having trouble coming up with strong and unique passwords, you can use the Bitdefender Password Generator for free.

  4. Check for Unauthorized Activity
    Regularly review your PayPal account activity, as well as linked bank or credit card statements. Enable PayPal’s notification system for login attempts and transactions.
  5. Stay Alert for Phishing Emails
    Cybercriminals may try to exploit fear around this leak by sending fake PayPal security notices. Always verify messages through PayPal’s official site or app instead of clicking on links in emails.

How Bitdefender Digital Identity Protection Helps

For users who may already be exposed in this or other breaches, Bitdefender Digital Identity Protection offers advanced monitoring and recovery support:

  • Dark Web scans to determine whether your data has been leaked.
  • A risk score based on your exposure and breach history.
  • Real-time alerts with actionable steps to reset compromised passwords or secure accounts.
  • Impersonation monitoring across social platforms to stop fraudsters posing as you.

Author


Alina BÎZGĂ

Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
