An alleged hacker is currently causing a stir: He claims to be offering the login details of over 15 million PayPal accounts for sale on the darknet. This is said to include email addresses and passwords. It is not yet clear whether the data is genuine. PayPal itself has not yet officially commented on the incident. Nevertheless, users should take the issue seriously – because in the worst case, cybercriminals can cause considerable damage with stolen login data.
Why the Situation is so Serious
Even if there is no confirmation yet as to whether the stolen data is genuine, the incident once again shows how great the danger from password and data leaks is. A single insecure password can be enough to open the door to criminals – especially if it is also used for other services.
Past experience has shown that leaked login data is often used in combination with phishing attacks. This allows fraudsters to take over accounts, trigger transactions or steal sensitive information.
Immediate Measures for PayPal Users
Anyone who uses PayPal should act now – as a precaution. Experts recommend implementing the following steps immediately:
- Change password: The password should be changed immediately directly via the PayPal website. If you use the same password for other platforms, you should also replace it there.
- Activate two-factor authentication: With two-factor authentication (2FA), an account is much better protected. Even if a password becomes known, attackers also need a one-time code, which is usually sent via SMS or an authenticator app.
- Check account activity: It is advisable to check recent transactions regularly. Unknown debits or suspicious payments should be reported to PayPal support immediately.
- Caution with emails: Hackers often use the uncertainty after a data scandal to send targeted fake emails. These often contain links that lead to deceptively genuine-looking fake websites. Never click on links in suspicious messages – instead, manually call up the PayPal website in your browser.
Tips for a Secure Password
- A strong password consists of at least 12 characters.
- Upper and lower case letters, numbers and special characters should be mixed.
- Do not use personal data such as dates of birth or names.
- It is best to use a password manager to create complex and unique passwords for each service.
What Users Can Do Now
In addition to securing your own PayPal account, it is also worth protecting the email accounts linked to PayPal. Because if attackers have access to the stored email address, they can not only reset the PayPal account, but also compromise other connected services.
In addition, you should regularly check whether your own email address or passwords have already appeared in known data leaks. Services like “Have I Been Pwned” provide quick information about whether your own data is affected.
Conclusion
Whether the allegedly offered 15 million PayPal login details are genuine remains unclear for the time being. For users, however, this makes no difference: Security should now be the top priority. With strong passwords, activated two-factor authentication and caution with suspicious emails, the risk can be significantly reduced.
