297/68 Tuesday, August 19, 2025
A threat actor using the alias Chucky_BF has reportedly advertised a massive database allegedly containing PayPal login credentials on a cybercrime forum. The data set, dubbed the “Global PayPal Credential Dump 2025,” is over 1.1 GB in size and includes more than 15.8 million records of plain-text email and password combinations. Some entries even contain associated URLs linking to PayPal login pages, both for web and mobile versions, making the dump a highly attractive target for cybercriminals aiming to conduct credential stuffing attacks, phishing, or financial scams.
Initial reviews of sample data show Gmail addresses paired with actual passwords, along with direct links to PayPal login portals. Some records appear to include both web and mobile usage, suggesting the data may have been sourced from multiple platforms simultaneously. The seller claims many credentials are unique and strong, though a significant portion has been reused across different websites, increasing the risk not just for PayPal users but also those using the same passwords elsewhere. The dataset is currently priced at USD $750.
There is no conclusive evidence yet that PayPal itself was directly breached. Historically, most PayPal-related leaks have stemmed from credential stuffing attacks or infostealer malware that harvests login credentials from infected devices and resells them. The format of this data appears consistent with such infostealer logs. As of now, PayPal has not officially confirmed or denied the legitimacy of the breach, so it remains unclear whether the data is authentic or mixed with fake or outdated information.
Source https://hackread.com/threat-actor-selling-plain-text-paypal-credentials/
