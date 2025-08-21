The payment service PayPal is suspected of being affected by a major data leak. You shouldn't panic, but you should take security measures immediately. Picture: Sebastian Kahnert/dpa

Millions of Paypal logins are being offered for sale on the darknet. Experts are not sure how up-to-date the data is. You can protect yourself from nasty surprises with a few tricks.

Andreas Fischer

It's a bargain: More than 15 million login details for PayPal accounts are currently being offered on the internet. The user "Chucky_BF" only wants 750 US dollars for them. A good deal for criminals: they could go on a shopping spree with the data.

The data set contains email addresses, passwords, URLs - all in plain text, reports the cybersecurity website "Hackread". It is unclear whether the data is genuine. IT expert Troy Hunt points out in a post on X that the data cannot have come directly from PayPal, as the payment provider stores the passwords in encrypted form. Hunt founded the website "HaveIBeenPwned"a few years ago: Here you can check whether your email address appears in data leaks.

🚨Cyber Alert - PayPal‼️



Do you have a PayPal account? It might be time to change your password.



A threat actor using the alias "Chucky_BF" claims to be selling 15.8 million email and plaintext password pairs linked to PayPal accounts worldwide.



The authenticity of this claim… pic.twitter.com/oRz9J1BESC — Hackmanac (@H4ckmanac) August 16, 2025

It is more likely that the data set was collected via phishing or malware attacks or compiled from older data leaks. This would also explain the discount price.

Given passwords definitely didn’t come from PayPal in plain text, they’ve either been obtained another way (info stealer, credential stuffing) or there’s another explanation for this claim 🤔 https://t.co/xmDyRaFbhL — Troy Hunt (@troyhunt) August 16, 2025

Despite all doubts about the authenticity of the data, you should be careful. It cannot be ruled out that current and working combinations of email addresses and passwords can also be found in the collection. This is no reason to panic, but you should follow a few simple security tips: Last but not least, now is a good time to change your PayPal password.