If your PayPal Password wasn’t included in any of the previous lists that were snatched up from a data breach, it’s likely it is out there in a list that’s for sale now. A list of a whopping 15.8 million passwords, supposedly from PayPal accounts is being offered for sale by a hacker going by the name of Chucky_BF at a bargain basement price of $750. Now that’s a sale!
The passwords are in plain text, which give researchers the suspicion that they weren’t actually taken from PayPal—they don’t store passwords in plain text. The thought is that it’s a list of passwords taken in other ways, such as via infostealers and aren’t actually PayPal passwords, but perhaps from accounts such as Gmail, Yahoo, or other email account passwords that are being sold as PayPal. And, they may truly belong to PayPal accounts, because people do tend to reuse passwords for multiple accounts. And what do we say about that? Don’t. Just don’t.
First things first: If you have a PayPal account, and especially if you’re not using multi-factor authentication (and you should be), change your password. Use something strong, hard to guess, and that isn’t relatable to you. Don’t use your kids’ names or your birthdate. Whatever you do, don’t use “12345678” or some variation of that. It’s still the most commonly used and easy to guess password. Use letters, numbers, and special characters.
Next: If you use the same password for multiple accounts, go back and change them so they are all unique.
Last: Look out for phishing of all kinds. Look for scam texts, email messages, and even voice calls. With the help of AI, phishing is even succeeding in video calls.
At the end of the day, whether or not these passwords are really PayPal’s, the threat is the same. Criminals count on password reuse and weak security habits to cash in. Don’t give them the opportunity. Update your passwords, turn on multi-factor authentication, and treat every suspicious message with caution.
SUBSCRIBE TO WEEKLY NEWSLETTER
