A dataset claiming to contain 15.8 million PayPal credentials, including login emails and plaintext passwords, was posted on a data leak forum. While the hackers assert the data is recent, PayPal has denied a new breach, stating the post is related to a 2022 credential stuffing incident.
The hackers claim to have obtained the data in May, which includes login emails, plaintext passwords, and associated URLs. If confirmed, this leak would pose a significant risk, as it provides a crucial first line of defense for attackers. The data is structured to facilitate automated credential stuffing attacks.
However, researchers note that the small data sample provided by the attackers is not enough to verify their claims. They also point out that the low selling price of the dataset suggests its quality may not match the claims. Experts believe the data was likely stolen via infostealer malware rather than a direct breach of PayPal, as the data structure is consistent with what this type of malware collects.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
