15.8 Million PayPal Logins Allegedly on Sale in Hacker Forum

by | Aug 18, 2025 | News

Post Views: 881

Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Reading Time: 3 Minutes

Hacker Advertises 15.8 Million PayPal Credentials on Cybercrime Forum

A cybercriminal going by the alias Chucky_BF is advertising a massive trove of alleged PayPal credentials on a hacker forum. The dataset, dubbed the “Global PayPal Credential Dump 2025,” reportedly contains 15.8 million plaintext email-password combinations linked to PayPal accounts.

The seller claims the leak spans accounts worldwide and includes structured data that could make abuse easier for cybercriminals.

Details of the Alleged Dataset

According to the forum listing, the dataset is roughly 1.1GB in size and contains records from multiple email providers across different regions.

Unlike many generic dumps, this one reportedly includes direct PayPal URLs and endpoints such as:

/signin
/signup
/connect
Android-specific URIs

These additions could simplify automated login attempts and service abuse. The seller describes the data as “raw email:password:url entries across global domains,” positioning it as a valuable resource for credential stuffing, phishing, and fraud operations.

Hackread’s Review of Samples

Hackread.com examined some samples posted by the seller. They showed Gmail accounts paired with passwords and linked directly to PayPal login pages. In one example, the same account appeared in both web and mobile PayPal services, indicating the dataset may include multi-platform logins.

While the dump reportedly contains many strong, unique passwords, the seller admitted that password reuse is widespread. That raises the risk that exposed users could face account compromise beyond PayPal.

Screenshot shows alleged PayPal data being sold on a hacker and cybercrime forum (Image credit: Hackread.com)

See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses

Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.

Pricing and Buyer Appeal

The seller is asking $750 for full access to the database. That price point aligns with other large credential dumps sold in cybercrime forums and suggests the dataset is being marketed to groups specializing in fraud, resale, or account takeovers.

If legitimate, this would rank among the largest PayPal-focused leaks in recent years, impacting millions of users across Gmail, Yahoo, Hotmail, and other global domains.

Infostealer Malware as the Likely Source

Security analysts believe the dataset likely originates from infostealer malware logs rather than a direct PayPal breach. Infostealers compromise personal devices and extract saved login data, browser history, and credentials — which are later bundled and sold on dark web markets.

The inclusion of PayPal-specific URLs and mobile URIs strengthens the theory that the data was harvested from infected users worldwide.

Historically, PayPal has not suffered a direct system breach affecting millions of accounts. Past incidents — including one that impacted 35,000 users — were linked to credential stuffing attacks or previously leaked data.

Trending: Using Favicon for OSINT

Authenticity Remains Unverified

At this stage, it is unclear whether the dataset is fully authentic, a mix of real and fake records, or a repackage of older leaks.

Hackread.com could not independently verify the data, and PayPal has not confirmed or denied the claims. The company has been contacted for comment, and updates will follow once an official response is available.

Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

Source: hackread.com

Source Link