The Shocking Leak of "15.8 Million" PayPal Accounts: Warnings Spread on X, Consumer Groups Also Issue Alerts - Should You Change Your PayPal Password Immediately?

The German news site RUHR24 reported a warning that email addresses and password sets equivalent to "about 15.8 million" PayPal accounts are being sold. The seller is a hacker going by the name "Chucky_BF." The data is said to be a 1.1GB text created on “May 6,” and while its authenticity is unconfirmed, users are urged to immediately change their passwords and monitor for suspicious activity. The article also introduces basic measures from consumer organizations.ruhr24.de

What Happened—Numbers and Claims

Multiple security media outlets reported that "15.8 million PayPal logins (email + plaintext password + related URL)" are being sold for “$750” on a hacking forum. The information has been confirmed by reports from Hackread and Bitdefender, and the source is likely not a direct breach of PayPal but rather a "collection of logs from info-stealer malware."hackread.comBitdefender

Meanwhile, PayPal denies any "new breach." Some reports introduce the company's explanation that it relates to “past incidents (the 2022 case).” Even if the authenticity is uncertain, the risk of cross-site misuse of reused passwords is real.Tom's GuideTechRadarCybernews

Reactions on Social Media—Warnings, Skepticism, and Practical Advice

On X (formerly Twitter), the cyber intelligence account Hackmanac quickly warned about the "claim of selling 15.8 million plaintext credentials by Chucky_BF." A post urging users to change passwords and enable 2FA spread widely. Threat intelligence aggregator ThreatMon also shared the "announcement of a 1.1GB dump" to raise awareness.X (formerly Twitter)

Among researchers and media, skepticism grew with questions like "Is the price too low = poor quality?" and "Is it a collection of old/reused data?" German tech media introduced the view that "the source is unlikely to be PayPal itself." Many realistic voices urged general users to "not panic, but take proactive defense."heise online

Additionally, consumer center accounts and sites warned of an increase in "PayPal phishing impersonations" timed with the news. Techniques involving fake notifications like "Subject: Account Restriction" leading to fake logins were reported, and users were advised to open settings directly from the official app/site.Verbraucherzentrale.de

What the Price of “$750” Indicates

A bargain for such a massive dataset—this often suggests "not new or high-quality breach data, but a collection of 'logs' stolen separately through phishing or malware." Info-stealers can extract browser-saved passwords, cookies, and autofill information, sometimes including plaintext passwords. As a result, there is often a mix of "old/reused" data with many duplicates, and buyers use it for credential stuffing by "hitting with volume." Reports generally mention this scenario.Tom's GuideTechRadar

The Reality of the Risk—Credential Stuffing

Attackers use the purchased credential list to attempt logins across e-commerce, subscriptions, email, cryptocurrency exchanges, etc., using bots. The higher the password reuse rate, the higher the success probability, and accounts without two-factor authentication are targeted for hijacking and fraudulent transfers. The RUHR24 article also warns of such methods.ruhr24.de

Practical Measures You Can Take Now (with Verification Links)

1. Immediate Change of PayPal Password: Make it long, unique, and hard to guess. Eliminate past reuse.Verbraucherzentrale.de

2. Enable Two-Factor Authentication (2FA/MFA): Prefer apps/physical keys over SMS.Verbraucherzentrale.de

3. Check for Suspicious Logins/Payments: Review history and notification settings.Verbraucherzentrale.de

4. "Do Not Change Settings from External Links": Use the official app/bookmark instead of URLs in emails or SMS.Verbraucherzentrale.de

5. Self-Check with Leak Verification Tools:
   ・Check your email address on Have I Been Pwned (HIBP).Have I Been Pwned
   ・experte.de with Japanese explanation.Experte
   ・Bonn University's Leak Checker (results via email notification).Leak Checker
   ※"Official inquiry window for the current 'PayPal suspicious data'" has not been released at this time. Even if the check result is "safe," if there is reuse,be sure to change.

6. Review Other Services: Eliminate reuse with a password manager, and if possible,transition to passkeys.

7. Beware of New Phishing Posing as "Account Suspension": Fake warnings in PayPal's name have been observed recently.Verbraucherzentrale.de

Chronological Order (Japan Time/Asia/Tokyo)

• Around August 18, 2025: Security papers and researchers successively reported/shared the "announcement of the sale of 15.8 million."hackread.comBitdefenderX (formerly Twitter)

• Same Period: PayPal reportedly commented that there is "no new breach."Tom's GuideTechRadarCybernews

• August 21-24: General media and local newspapers spread warnings. RUHR24 published an updated article.ruhr24.de

Editorial Note—"Even if Uncertain," Preparation is Correct

Even if the data is an old collection,the reality that "password reuse"becomes a breach point does not change. Phishing increases when news spreads.To gain maximum peace of mind at minimal cost, the three things you can do now are "① Make all account passwords strong and 'unique,' ② Ensure 2FA, and ③ Avoid clicking suspicious links." By following these, even if a "big fuss" like this occurs, your account can stand on the "less targeted side."

Powered by Froala Editor