An individual using the handle “Chucky_BF” is reportedly selling what they claim to be a database of 15.8 million PayPal accounts for the surprisingly low price of $750. The file, which is said to be 1.1GB in size, allegedly contains plaintext email addresses and passwords from a wide range of domains, including Gmail, Yahoo!, and Hotmail. Screenshots of the sale have surfaced on social media, though experts caution that the legitimacy of the data has not been independently verified.
According to renowned cybersecurity researcher Troy Hunt, the data almost certainly did not originate from PayPal itself, as the company does not store user passwords in plaintext. Instead, the credentials were likely gathered through third-party breaches or malware infections on user devices. Preliminary analysis by Hackread supports this theory, noting the presence of both fake accounts and real credentials in the sample they reviewed. Despite the growing online chatter, PayPal has not issued an official comment regarding the situation.
In light of these claims, PayPal users are urged to take immediate precautions: monitor account activity closely, change their PayPal passwords without delay, and update any other accounts where the same password might have been used. Taking these steps can significantly reduce the risk of falling victim to fraud or unauthorized transactions.