Over 16 million reportedly hit with PayPal data breach — what to do right now
PayPal denies claims of a new breach, but you may still want to reset your password
A dataset allegedly containing 15.8 million stolen PayPal credentials, including login emails and plaintext passwords, was posted to a well-known data leak forum this week. Hackers claim the data was stolen in May 2025, but PayPal denies this. In a statement to Tom's Guide, PayPal said the exposed information is related to a "security incident" back in 2022, and not the result of a new breach. Either way, now is as good a time as any to reset your PayPal password just to be safe.
That's because the cybercriminals behind the forum post claim to not only have emails and passwords but also associated URLs, information that could streamline automated credential-stuffing attacks and fuel identity theft schemes. As first reported by Cybernews, the hackers claim the dataset contains thousands of strong, unique passwords, though many are likely reused.
PayPal has denied these reports of a breach, attributing the data dump to old credential-stuffing attacks from infostealer malware rather than new vulnerabilities in its systems. The 2022 security incident earned PayPal a $2 million fine from the New York State Department of Financial Services for failing to comply with state cybersecurity regulations. However, that leaked dataset exposed only 35,000 accounts, which is a far cry from the nearly 16 million the hackers claim to have.
Details about the leak remain scarce. Earlier this month, the dataset was listed for just $2 on dark web markets, a suspiciously low price that has fueled doubts about its authenticity and source. Security researchers also note that if the breach were truly recent, much of the information would likely have already been exploited by now. Based on the structure of the data, experts believe it may have been harvested using infostealer malware, which quietly steals passwords, cookies, and other details from infected devices before transmitting them to attackers. Some variants can even erase themselves to avoid detection.
How to stay safe in the wake of the alleged PayPal data breach
Whether this is a new breach or not, this incident underscores the importance of strong security hygiene, even for those protected by multi-factor authentication. With emails, passwords, and linked URLs all exposed, the dataset is structured to maximize its potential for malicious use.
For PayPal users worried their data may have been compromised, resetting your password should be at the top of your to-do list. If you reuse that same password elsewhere, update those accounts accordingly. While you're at it, get one of the best password managers to generate and store strong, unique passwords across all your apps and services — without having to do the mental gymnastics of keeping track of them all yourself.
If you suspect your personal information has been exposed, consider enrolling in one of the best identity theft protection services. These tools can alert you if your data appears online, help recover funds lost to fraud, and guide you through restoring your accounts and credit.
Lastly, it's essential to keep the best antivirus software installed and up to date across all your devices. Combine this with built-in browser security features and the extra protections included in many antivirus suites, such as VPNs and firewalls, for added peace of mind.

Alyse Stanley is a news editor at Tom’s Guide, overseeing weekend coverage and writing about the latest in tech, gaming, and entertainment. Before Tom’s Guide, Alyse worked as an editor for the Washington Post’s sunsetted video game section, Launcher. She previously led Gizmodo’s weekend news desk and has written game reviews and features for outlets like Polygon, Unwinnable, and Rock, Paper, Shotgun. She’s a big fan of horror movies, cartoons, and roller skating. She's also a puzzle fan and can often be found contributing to the NYT Connections coverage on Tom's Guide.
