Recently, news spread online claiming that PayPal is another company that had suffered a massive data breach. Hackers on a popular leak forum said they had stolen more than 15.8 million login credentials, including emails and passwords. At first glance, this sounds alarming for PayPal users around the world. But the company strongly denies these claims and says there has been no new data breach. So, what really happened? Let’s find out.
What hackers are claiming
The attackers posted a dataset for sale online. They said it included millions of PayPal emails, plain-text passwords, and even links to accounts. According to them, the data was taken in May and represented fresh information from PayPal users worldwide.
If true, this would be serious because login details could give cybercriminals access to accounts. But there are some red flags in their story:
- The hackers only shared a very small sample of the data, so experts cannot confirm if it’s real.
- Hackers are selling the whole dataset for only $750, which is unusually low for millions of supposed accounts. Experts say this low price suggests the data isn’t as valuable or fresh as the hackers claim.
- On top of that, many of the ‘strong-looking’ passwords are just reused ones, likely pulled from older leaks rather than stolen directly from PayPal
PayPal’s take on this
PayPal denies any breach. The company says the data for sale is not new but comes from a security incident that happened back in 2022. A PayPal spokesperson told Cybernews: ‘There has been no data breach – this is related to an incident in 2022 and not new.’ How is this possible? Well, hackers are likely recycling or reselling old information and pretending it’s a new leak. This is a common trick in the cybercrime world, where attackers exaggerate to get attention or make quick money.
Why the data may look “new”
Even though the hackers claim the passwords are recent, many security experts believe the opposite. The fact that the dataset is being sold so cheaply suggests the hackers don’t consider it very valuable. If the data really contained millions of working PayPal logins, the price would be much higher.
Also, because so many of the passwords are repeated from other leaks, the actual number of useful, working accounts may be much smaller than advertised.
What users should do
Whether or not this is a new breach, it’s always smart to take steps to protect your account. PayPal recommends the following:
- Create a strong password that you don’t use anywhere else because recycled passwords make it easy for hackers to break in.
- Turn on two-factor authentication (2FA). This adds a second layer of security, like a code sent to your phone, so even if someone gets your password, they can’t log in easily.
- Careful with strange emails or links because hackers often use phishing tricks to steal your login details.
- Check your PayPal account often. If you spot anything suspicious, report it to PayPal right away
PayPal’s security measures
PayPal assures users that it follows strict global security standards and continuously monitors for threats. While no system is 100% safe, the company stresses that there has been no new data breach and that user accounts remain protected.
Even so, security experts warn that this is a reminder to take online safety seriously. Hackers often reuse old data, and because many people recycle the same passwords, it makes their accounts easier to attack
So…
Whether or not the breach rumors are true, PayPal users should remain cautious. Simple steps like setting strong passwords, turning on two-factor authentication, and monitoring account activity can go a long way in keeping accounts safe.
PayPal continues to assure customers that their accounts are secure, but personal habits are still the best defense against hackers. Are you taking these steps to protect your account?