Hackers recently announced on a well-known forum that they were selling a dataset of 15.8 million stolen PayPal credentials, allegedly including login emails and plaintext passwords.
The cybercriminals claim the information was stolen in May 2025, and the dataset contains not just emails and passwords but also associated URLs, making it easier for criminals to automate credential stuffing attacks and launch identity theft scams.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- MediSecure reveals 12.9 million Australians had personal data stolen in cyber attack earlier this year
July 18, 2024
eScript provider MediSecure has revealed the personal data of 12.9 million Australians was stolen by hackers earlier this year, making it one of the largest cyber breaches in Australian history. MediSecure, which facilitates electronic prescriptions and dispensing, confirmed it was the victim of a large-scale data breach in May. The company had previously not disclosed how ...
- HS2 investigating possible misconduct tied to ‘serious’ data breach
July 18, 2024
HS2 has launched a formal investigation into allegations of gross misconduct tied to a “serious” data breach earlier in the year, City A.M. understands. Sources allege the incident took place in late May. HS2 Ltd, the company sponsored by the Department for Transport (DfT) to oversee the project, subsequently began an investigation into a potential significant ...
- London council slammed for ‘severe’ data breach in ‘avoidable’ cyber attack
July 17, 2024
Britain’s data watchdog has lambasted London’s Hackney Council for a cyber attack that “severely” impacted residents, saying the breach was “a clear and avoidable error.” In October 2020, hackers infiltrated Hackney’s systems, accessing, encrypting, and in some instances exfiltrating personal data. The compromised information included residents’ names, addresses, racial or ethnic origins, religious beliefs, sexual orientations, ...
- Disney faces potential data breach, hacker group claims massive leak
July 15, 2024
The Walt Disney Company is reeling from a suspected cyberattack by a hacktivist group calling itself NullBulge, exposing a significant amount of sensitive information. NullBulge announced its exploit on 12 July on both the cybercrime forum Breach Forums and X/Twitter. The group said it infiltrated Disney’s internal Slack communication platform, leaking 1.2 terabytes of data online. Read ...
- Rite Aid confirms data breach following ransomware attack
July 15, 2024
American drugstore chain Rite Aid has confirmed that last month’s ransomware attack resulted in data theft. In a statement, the company said it was currently investigating the cyberattack, and is working on sending out data breach notifications to affected customers. “Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation. We ...
- AT&T data breach exposes call records of ‘nearly all’ wireless customers
July 14, 2024
US telecom giant AT&T disclosed on Friday a data breach that exposed phone records of “nearly all” of its customers. The breach, affecting an estimated 110 million people, comes just months after another AT&T security incident involving personal information, and was disclosed in a filing with regulators last week. “We learned that AT&T customer data was ...

