Threat Actor Claims to Sell 15.8 Million Plain-Text PayPal Credentials

A threat actor using the name Chucky_BF on a cybercrime and hacker forum is advertising what they claim to be a massive PayPal data dump. The post describes a trove labeled “Global PayPal Credential Dump 2025,” allegedly containing more than 15.8 million records of email and plaintext password pairs.

The size of the dataset is said to be 1.1GB, and according to the seller, the leak covers accounts from many email providers and users in different parts of the world. What makes this claim threatening is not just the number of exposed accounts but also the type of data said to be included. Other than the email and password combinations, the seller mentions that many records come with URLs directly linked to PayPal services.

Endpoints like /signin, /signup, /connect, and Android-specific URIs are also referenced in the listing. These details suggest that the dump is structured in a ...