Investigate potential impact: Evaluate if you're under the influence of the... (no specifics given)
In a concerning development, approximately 16 million PayPal login credentials, including plaintext passwords, have reportedly been obtained by a criminal and are being offered for sale in an underground forum. If you perform a search on Have I Been Pwned (HPI) and receive one or more hits, it is advisable to change your PayPal password immediately.
The Federal Office for Information Security (BSI) recommends the use of password managers as a universal and independent solution for storing passwords securely. Alternatively, you can use the Identity Leak Checker of the Hasso Plattner Institute (HPI) for added security.
It is essential to remember that a password once issued should not be used again for one or more other services. Using a password manager or a password notebook can help ensure the safety of your login credentials. The BSI provides guidance on the use of a password notebook on its website.
For a passwordless login experience, consider adopting passkeys. These are generated automatically and cannot be forgotten or be too weak. Passkeys cannot be stolen, intercepted, or guessed. They can be stored on a security USB stick (FIDO2), in a mobile operating system, or in a compatible password manager.
If you suspect suspicious activities in your PayPal account, contact PayPal immediately and, if necessary, file a report with the local police or the web watch of your respective federal state. Saving account statements and taking screenshots can be useful when filing a report.
It is also advisable to regularly check for compromised passwords and proactively change them to stay ahead of potential attackers. If you fear your login credentials may have been compromised, enter your PayPal account email address at Have I Been Pwned (https://haveibeenpwned.com/).
Lastly, it is worth noting that there is no evidence in the search results indicating an institution that has admitted to offering and confirming the stolen PayPal user data, nor has it been confirmed that these data actually originated from PayPal.
Stay vigilant and secure online!
){kind=link}