Massive data breach sees 16 million PayPal accounts leaked online


Hackers recently announced on a well-known forum that they were selling a dataset of 15.8 million stolen PayPal credentials, allegedly including login emails and plaintext passwords.

The cybercriminals claim the information was stolen in May 2025, and the dataset contains not just emails and passwords but also associated URLs, making it easier for criminals to automate credential stuffing attacks and launch identity theft scams.

Read more…
Source: TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Advanced fined £6m over stolen patient data in 2022 cyber attack

    August 7, 2024

    The Information Commissioner’s Office (ICO) has imposed a £6.09 million fine on software provider Advanced following an initial finding that it failed to implement measures to protect the personal information of almost 83,000 people. A number of health and care systems delivered by Advanced first experienced major outages on 4 August 2022, disrupting several critical services ...

  • Kadokawa confirms data leak of 254,000 people due to cyberattack

    August 6, 2024

    Japanese publisher Kadokawa has confirmed a data leak affecting 254,241 people due to a cyberattack. The finding, announced Monday, is based on an investigation by third-party experts. Of the leaked data, information of 186,269 people was related to Kadokawa Dwango Educational Institute, including N High School, a correspondence school. Kadokawa reported the investigation results to the ...

  • Pharma giant Cencora is alerting millions about its data breach

    August 2, 2024

    Cencora has so far notified over a million people around the U.S. that their personal and protected health information was compromised in a data breach earlier this year. The pharmaceutical giant in May said that a February incident resulted in the compromise of patients’ data, which Cencora obtained through partnerships with drug makers it works with ...

  • Optus and Medibank Data Breach Cases Allege Cyber Security Failures

    August 2, 2024

    2022 was a big year for cyber security breaches in Australia. Both telecommunications provider Optus and private health insurer Medibank suffered large-scale data breaches affecting tens of millions of Australians, leading to heightened regulatory and business focus on cyber security in the years since. The two data breaches also led to legal action, with recent court ...

  • UK: Basic IT security failings left electoral register vulnerable

    July 30, 2024

    Basic IT security failings allowed Chinese state-linked hackers to access the election watchdog’s register containing the details of 40 million voters. The Information Commissioner’s Office (ICO) said the Electoral Commission had failed to keep its servers updated, allowing hackers to exploit the vulnerability. The National Cyber Security Centre (NCSC), part of GCHQ, has previously said it ...

  • Intruders at HealthEquity rifled through storage, stole 4.3M people’s data

    July 29, 2024

    HealthEquity, a US fintech firm for the healthcare sector, admits that a “data security event” it discovered at the end of June hit the data of a substantial 4.3 million individuals. Stolen details include addresses, telephone numbers and payment data.… The incident began in March but was only detected in June. The company said in a ...