A hacker is reportedly selling a huge batch of PayPal account details online, putting as many as 15.8 million users at risk.
The stolen file, said to contain passwords in plain text, is being sold for just $750 on an underground forum. Security experts believe the data wasn’t hacked directly from PayPal (since the company doesn’t store passwords in this way) but was most likely stolen from users through malware or phishing attacks.
While the authenticity of the full dataset hasn’t been confirmed, early checks suggest at least some of the details are real. PayPal has not yet issued an official statement.
What PayPal users should do immediately
If you have a PayPal account, take these steps now to help protect yourself:
- Change your PayPal password straight away. And do the same for any other accounts where you’ve used the same login details.
- Turn on two-factor authentication (2FA) for added security.
- Check your recent transactions and account settings for anything suspicious.
- Be alert to phishing emails or texts pretending to be from PayPal.
Don’t wait until it’s too late
Cybercriminals often sell stolen logins cheaply and quickly. Meaning accounts can be compromised before companies even issue a warning. If you’ve ever reused a PayPal password, your wider digital footprint could be at risk too.
We’ve put together a practical guide to help you stay safe after a breach. From spotting fraud to securing your accounts, it explains the steps you can take right now to protect your personal information.
