Overview
- A seller using the alias Chucky_BF is offering a 1.1 GB package of email–password pairs and PayPal-related URLs on a cybercrime forum, with a claimed leak date of May 6, 2025.
- Hackread’s review of released samples found repeated entries and a mix of fake, test and apparently real accounts, suggesting uneven data quality.
- Have I Been Pwned founder Troy Hunt says PayPal does not store passwords in plaintext, indicating the logins likely came from endpoint infostealers or recombined older dumps.
- PayPal has not confirmed a new compromise, yet the listing increases the risk of phishing, credential stuffing and account-takeover attempts.
- Consumer guidance urges users to check leak databases, change any reused passwords, enable two-factor authentication or passkeys, and monitor accounts for suspicious activity.