Using passwords leaked from other websites and testing them on PayPal.
Viruses on users' devices that grab login info directly from browsers. 450K Paypal.txt
Security experts, including those from Have I Been Pwned, emphasize that large dumps of plaintext PayPal credentials (like the recent 15.8 million record dump ) typically do not come from PayPal's servers. PayPal does not store passwords in plaintext. Origin of Data: These lists are usually compiled from: Using passwords leaked from other websites and testing
While "450K" lists are common, a verified internal incident occurred between July and December 2025 . A software error in the PayPal Working Capital (PPWC) loan application exposed sensitive PII (SSNs, dates of birth, and names) for about 100 customers , leading to unauthorized transactions that PayPal later refunded. Risks of the File The 14 Latest PayPal Scams (and How To Avoid Them) - Aura PayPal does not store passwords in plaintext