- Hackers claim to be selling millions of PayPal logins, but experts suspect foul play
- The data set allegedly includes passwords, emails and URLs usable for automated attacks
- Experts say the disclosed sample is too small to confirm authenticity, and its low price casts doubt on its legitimacy
Hackers recently announced on a well-known forum that they were selling a data set of 15.8 million stolen PayPal credentials, allegedly including login emails and plaintext passwords.
The cybercriminals claim that the information was stolen in May 2025 and that the data set contains not only emails and passwords but also associated URLs, which makes it easier for criminals to automate credential stuffing attacks and launch identity theft scams.
They also claim that while many of the disclosed passwords appeared unique and “strong”, a large share had been reused. If this is true, the value of the dump may be lower than suggested.
Doubts about the breach claims
However, experts who examined the small sample released to the public concluded that it was insufficient to verify the attackers’ claims, noting that if the breach really occurred in May 2025, a large part of the usable data could already have been exploited.
Interestingly, the price set for the alleged database is surprisingly low, which raises further doubts about its authenticity.
High-quality stolen data commands much higher prices on the dark web.
PayPal quickly denied any new breach, pointing to a “security incident” from 2022, which involved credential stuffing attacks and led regulators to take action against the company earlier this year.
That event exposed only 35,000 accounts, far from the millions now claimed by the attackers.
Skeptics argue that the resemblance between the alleged PayPal data set and the structure of infostealer malware logs from an older event suggests foul play.
Infostealers quietly harvest passwords, cookies and other details from infected devices, often packaging the data as a URL followed by login information.
It is quite common to find credentials listed in stealer logs circulating on dark web markets, but these do not come directly from PayPal’s systems; they come from compromised user devices.
Whether or not this new claim is authentic, the situation underlines how easily user information circulates once stolen.
Disclosed login details can enable identity theft and financial fraud long after the initial compromise.
Users who have reused their PayPal credentials on other platforms are vulnerable to attacks.
How to stay safe
- Change your PayPal password and avoid reusing it on other services.
- Enable multi-factor authentication to add an additional layer of security.
- Monitor your accounts regularly for signs of identity theft or unusual activity.
- Use a solid internet security suite with firewall protection.
- Be careful with links and attachments that can carry infostealer malware.
- Consider dedicated identity theft monitoring services for additional protection.
Via Cybernews