A hacker going by the identify Chucky_BF has allegedly stolen particulars for 15.8 million PayPal accounts and is promoting them on an web discussion board at a cut price value of simply $750 USD. The treasure trove of information, which is being saved in a TXT file, is alleged to be 1.1 GB in dimension. Nevertheless, the authenticity of the PayPal information has not but been confirmed.
You possibly can see a screenshot of the provide on this social media submit . In response to the hacker, the PayPal passwords can be found in plain textual content and the e-mail addresses of those PayPal accounts originate from Gmail, Yahoo!, Hotmail, and numerous country-specific domains.
🚨Cyber Alert – PayPal‼️Do you might have a PayPal account? It may be time to alter your password.A menace actor utilizing the alias “Chucky_BF” claims to be promoting 15.8 million e-mail and plaintext password pairs linked to PayPal accounts worldwide.The authenticity of this declare… pic.twitter.com/oRz9J1BESC— Hackmanac (@H4ckmanac) August 16, 2025
How the stolen PayPal information was acquired
As of this writing, the hacker hasn’t mentioned the place the info got here from or how a lot of it’s nonetheless updated.
On this social media submit, well-known safety skilled Troy Hunt suspects that the hacker didn’t steal the info straight from PayPal’s servers since PayPal doesn’t retailer passwords in plaintext. Almost certainly they had been taken from customers, maybe by way of infostealer malware.
In response to safety web site Hackread, which checked among the information, there are some take a look at accounts and pretend accounts interspersed among the many PayPal accounts, however many are real.
Wanting on the PayPal Newsroom, the corporate has not but issued a press release about this as of this writing.
Right here’s what it’s best to do now
If in case you have a PayPal account, it’s best to instantly go examine your transaction historical past and account settings for any suspicious exercise. You also needs to change your PayPal password ASAP—and if you happen to use the identical password for different accounts, it’s best to change these account passwords as nicely. Contemplate your password compromised.
Additional studying: Cautious! That PayPal e-mail might be a phishing rip-off
This text initially appeared on our sister publication PC-WELT and was translated and localized from German.
