Alleged PayPal Data Breach Exposes Over 100,000 Credentials on Dark Web

Last updated: January 12, 2026
  • A hacker dumped about 104,000 PayPal email and password combos on a public forum, free for anyone to grab.

  • The data apparently dates back to last December, and experts say this will exacerbate credential-stuffing against people who use the same password on different sites.

  • The new leak comes after someone tried to sell an even bigger stash—15.8 million PayPal credentials—last August, suggesting that stolen login details keep turning up, and the threat isn’t going away.

PayPal User Data Breached: Over 100,000 Credentials Surface on Dark Web

Another wave of PayPal logins just hit the dark web—roughly 104,000 sets this time, all tossed onto a forum for anyone to grab, no payment needed.

It’s only been a few months since a big batch went up for sale, and now this, clearly showing that stolen PayPal credentials still matter a lot to cybercriminals. If you use PayPal, now’s probably a good moment to tighten up your security.

A New Credential Dump Hits the Streets

On January 11, a threat actor who goes by “Lud” posted on a popular forum. They claimed to be sharing a fresh combo list of PayPal credentials. The list contained approximately 104,472 email and password pairs.

The data, allegedly from December 2025, was shared as a “free download.” Links to multiple file hosting services were provided. This free release is particularly dangerous. It lowers the barrier for other criminals to launch attacks. Unlike paid datasets, this information is now in the wild for anyone to use.

The leaked PayPal credential dump, shared for free on a hacker forum. Image by Tornews.

Security analysts say attackers are almost guaranteed to use this data for credential-stuffing. Here’s how it goes: bots grab those stolen usernames and passwords and start testing them on all sorts of sites. The problem? Users often create identical passwords for all of their accounts, making it easy for hackers to access all of them after compromising only one account.
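
On the receiving end, that pattern shows up in a site's login logs as one source trying many different accounts once or twice each, with most attempts failing. The sketch below is an added example, not part of the original article; the event format, the thresholds, and the sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
# IPs are from documentation ranges; none of this is real data.
SAMPLE_EVENTS = (
    # Stuffing: 8 different accounts, one try each, a single hit.
    [("203.0.113.7", f"user{i}@example.com", i == 4) for i in range(8)]
    # Brute force on one account: many tries, one username.
    + [("198.51.100.20", "alice@example.com", False)] * 10
    # Ordinary user: one typo, then a successful login.
    + [("192.0.2.50", "bob@example.com", False),
       ("192.0.2.50", "bob@example.com", True)]
    # Shared office NAT: many accounts, but they all log in fine.
    + [("192.0.2.99", f"staff{i}@example.com", True) for i in range(6)]
)


def find_stuffing_sources(events, min_accounts=5,
                          max_attempts_per_account=2,
                          max_success_ratio=0.2):
    """Flag sources that try many distinct accounts a few times each
    and mostly fail, which is the signature of a replayed combo list."""
    per_ip = defaultdict(lambda: defaultdict(list))
    for ip, user, ok in events:
        per_ip[ip][user].append(ok)

    flagged = {}
    for ip, users in per_ip.items():
        attempts = sum(len(results) for results in users.values())
        successes = sum(sum(results) for results in users.values())
        if (len(users) >= min_accounts
                and attempts / len(users) <= max_attempts_per_account
                and successes / attempts <= max_success_ratio):
            flagged[ip] = {
                "accounts": len(users),
                "attempts": attempts,
                # Accounts where a leaked password worked: these need
                # a forced reset, not just a block on the source.
                "compromised": sorted(u for u, r in users.items() if any(r)),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_EVENTS).items():
        print(ip, info)
```

Grouping by source IP alone misses campaigns spread across many addresses, so in practice this kind of check is combined with other signals such as the site-wide failure rate.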

A Recurring Problem for PayPal Users

This is not an isolated event. It’s part of a disturbing pattern targeting PayPal accounts, and mirrors a broader crisis where dark web markets are being flooded with login credentials from major corporations. Last August, a hacker tried to sell a massive pile of PayPal login details – like, 15.8 million of them, just in plain text. They were asking only $750 for the whole stash on some dark web site.

This bulk, low-price model contrasts with other dark web markets where individual stolen crypto accounts can sell for shockingly low prices, sometimes as little as $105, making them accessible to a wide range of criminals.

Analysis of that prior leak suggested the credentials were likely stolen by info-stealer malware on users’ own devices. This isn’t like hacking straight into PayPal. It shows how stealing logins usually begins with malware on people’s computers.

PayPal’s seen this before, too. In December 2022, some hackers got their hands on login info from elsewhere and broke into about 35,000 PayPal accounts. After that, people took PayPal to court, arguing their security just didn’t cut it. The whole thing made it clear—stronger security, like using multi-factor authentication, really matters.

Staying Safe from PayPal Data Thefts

If you use PayPal, you should act immediately. Don’t wait for an official notice. Assume your data could be part of these circulating lists. For a comprehensive action plan if your data is found on the dark web, refer to our step-by-step guide. Changing the password associated with your PayPal account is the first and most important thing you can do to improve your security; create a strong password that is not easily guessed and use it for nothing else.

Your containment move shouldn’t stop at just changing your password; turn on two-factor authentication too, so that should someone manage to figure out your password, they’ll still need the code that goes to your phone to get in.

To lock down your accounts even more, grab a FIDO security key. Honestly, it’s tough to beat when it comes to keeping your account safe from phishing.

Be sure to watch for unusual account activity as well. Scan for any payments or charges that don’t look familiar. Check your linked bank and credit card statements, too. Watch out for fake emails pretending to be PayPal—don’t click any sketchy links. If you need to check your account, type the PayPal address yourself or use their app. Taking these steps today can save you from a financial headache tomorrow.

About the Author

Memchick E

Digital Privacy Journalist

Memchick is a digital privacy journalist who investigates how technology and policy impact personal freedom. Her work explores surveillance capitalism, encryption laws, and the real-world consequences of data leaks. She is driven by a mission to demystify digital rights and empower readers with the knowledge to protect their anonymity online.
