An alleged hacker is currently causing a stir: He claims to be offering the login data for over 15 million PayPal accounts for sale on the dark web. These are said to include email addresses and passwords. Whether the data is real is still unclear. PayPal itself has not yet officially commented on the incident. Nevertheless, users should take the matter seriously – because in the worst case, cybercriminals can cause considerable damage with stolen login data.
Why the situation is so serious
Even if there is no confirmation yet whether the stolen data is real, the incident once again shows how great the danger of password and data leaks is. Even a single insecure password can be enough to open the door to criminals – especially if it is also used for other services.
The past has shown that leaked login data is often used in combination with phishing attacks. This allows fraudsters to take over accounts, trigger transactions or steal sensitive information.
Immediate measures for PayPal users
Anyone who uses PayPal should act now – even as a precaution. Experts recommend implementing the following steps immediately:
- Change password: The password should be changed immediately directly via the PayPal website. Anyone who uses the same password on other platforms should also replace it there.
- Activate two-factor authentication: With two-factor authentication (2FA), an account is significantly better protected. Even if a password becomes known, attackers still need a one-time code, which is usually sent via SMS or generated by an authenticator app.
- Check account activity: It is advisable to regularly check recent transactions. Unknown debits or suspicious payments should be reported immediately via PayPal support.
- Be careful with emails: Hackers often use the uncertainty after a data scandal to deliberately send fake emails. These often contain links that lead to deceptively real-looking fake websites. Never click on links in suspicious messages – instead, open the PayPal website manually in your browser.
Tips for a strong password
- A strong password consists of at least 12 characters.
- Uppercase and lowercase letters, numbers and special characters should be mixed.
- Do not use personal data such as birth dates or names.
- It is best to use a password manager to create complex and unique passwords for each service.
What users can do now
In addition to securing your own PayPal account, it is also worth protecting the email accounts linked to PayPal. If attackers gain access to the stored email address, they can not only reset the PayPal account, but also compromise other connected services.
In addition, you should regularly check whether your own email address or passwords have already appeared in known data leaks. Services such as "Have I Been Pwned" quickly provide information about whether your own data is affected.
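The following Python example is an addition to this article, not code from PayPal or Have I Been Pwned: it checks a candidate password against the three testable tips above and against a leak corpus using a prefix-only range lookup, the approach Have I Been Pwned's Pwned Passwords service uses so that the password itself never leaves the machine. The corpus, the sample passwords and all function names are constructed for the example, and the lookup is a local stand-in rather than a network call.

```python
import hashlib
import string

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def local_range_lookup(prefix, corpus):
    """Offline stand-in for a range endpoint: it only ever sees the 5-char prefix."""
    return "\n".join(f"{h[5:]}:{n}" for h, n in corpus.items() if h.startswith(prefix))

def breach_count(password, lookup):
    """Return how often the password appears in the leak corpus (0 if absent)."""
    digest = sha1_hex(password)
    body = lookup(digest[:5])  # only the first 5 hex characters are disclosed
    for line in body.splitlines():
        suffix, _, count = line.partition(":")
        if suffix == digest[5:]:  # the full comparison happens locally
            return int(count)
    return 0

def audit_password(password, personal_terms, lookup):
    """Apply the article's tips; return a list of findings (empty list = passes)."""
    findings = []
    if len(password) < 12:
        findings.append("shorter than 12 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]
    if not all(any(c in cls for c in password) for cls in classes):
        findings.append("missing a character class")
    lowered = password.lower()
    if any(t.lower() in lowered for t in personal_terms if t):
        findings.append("contains personal data")
    seen = breach_count(password, lookup)
    if seen:
        findings.append(f"found in leak corpus {seen} times")
    return findings

# Constructed corpus: SHA-1 hash -> number of sightings (values are made up).
SAMPLE_CORPUS = {sha1_hex("Summer2024!Anna"): 1274, sha1_hex("password123"): 250000}

def sample_lookup(prefix):
    return local_range_lookup(prefix, SAMPLE_CORPUS)

if __name__ == "__main__":
    for pw in ("password123", "Summer2024!Anna", "vK9#tq2L!mZr7pXe"):
        print(pw, audit_password(pw, ["Anna", "1990"], sample_lookup))
```

A password can satisfy the length and character rules and still fail, as the second sample shows: it contains a name and already appears in the constructed leak corpus.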
Conclusion
Whether the 15 million PayPal logins allegedly on offer are real remains unclear for now. For users, however, this makes no difference: Security should now be the top priority. With strong passwords, activated two-factor authentication and caution with suspicious emails, the risk can be significantly reduced.
