Hackers recently announced on a well-known forum that they were selling a dataset of 15.8 million stolen PayPal credentials, allegedly including login emails and plaintext passwords.
The cybercriminals claim the information was stolen in May 2025, and the dataset contains not just emails and passwords but also associated URLs, making it easier for criminals to automate credential stuffing attacks and launch identity theft scams.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 23andMe user data breached in credential-stuffing attack
October 7, 2023
Biotech company 23andMe, known for its DNA testing kits, said the leak occurred through a credential-stuffing attack. A credential-stuffing attack involves user information that has already been compromised (usernames and passwords, for example) from one organization, which a hacker obtains and attempts to reuse with a second organization — in this case, 23andMe. Because of the ...
- MGM Resorts estimates $100M loss due to cyber attack
October 6, 2023
MGM Resorts sent a letter to customers regarding the recent cyber incident that took place on Sept. 11. MGM Resorts stated that on or around Sept. 29, it determined that an unauthorized third party obtained the personal information of some of its customers on Sept. 11. The company also said it filed an 8-K form with ...
- Clorox shares touch more than 5-year low on financial hit from cyber attack
October 5, 2023
Shares in Clorox were down 8.1% on Thursday, after hitting their lowest level since May 2018, after the cleaning supplies company’s warned that an August cyber attack would push it into a quarterly loss and slash up to 28% off its revenue. On Aug 14 Clorox said it took some systems offline after unauthorized activity disrupted ...
- Sony confirms cyber-attack exposed details of nearly 7000 current and former employees
October 5, 2023
Sony Interactive Entertainment has confirmed the personal information of 6,791 former and current employees was exposed as part of a cyber-attack in June. According to a report the data breach was carried out by the Clop ransomware group. Sony is now contacting anyone affected and is offering credit monitoring and identity restoration services. In correspondence notifying ...
- Ransomware group demands $51 million from Johnson Controls after cyber attack
September 28, 2023
Johnson Controls, a multinational conglomerate that secures industrial control systems, security equipment, fire safety and air conditioning systems, has been hit by a massive cyber attack. The company, which employs over 100,000 people around the world, suffered a ransomware attack over the weekend which left data encrypted and caused it to shut down sections of ...
- A Ransomware Group Is Claiming They’ve Breached Sony’s Systems And Stolen Data
September 27, 2023
Although the claims of a data breach are still unverified, Sony has publicly acknowledged the situation and issued a statement to IGN which simply reads, “We are currently investigating the situation, and we have no further comment at this time.” It looks like Sony may have been victim of a breach resulting in the collection of ...

