PayPal confirms data breach. Money stolen and user passwords reset!

New data reveals that attackers used a credential stuffing technique to access PayPal profiles. The breach affected thousands of accounts, with unauthorized transfers averaging around €500. PayPal immediately initiated a security protocol and forced password resets for all affected users. This security update is rolling out across devices ranging from 3-inch smartphones to 27-inch desktops.

PayPal is advising users to check their transaction history and enable two-factor authentication (2FA). For greater security in 2026, experts recommend using physical security keys, which are only 4 cm long but offer impenetrable protection against remote intrusions. PayPal is currently working with law enforcement to investigate the source of the attack, while the IT hardware in its data centers is being further secured with new encryption algorithms. Users who use 100 cm USB-C cables to connect their security devices to access their accounts were less exposed to this breach.

The damage suffered by PayPal also includes a loss of customer trust, which caused stock prices to fluctuate on 120 cm wide stock exchange screens. PayPal promises to return all proven stolen funds within 14 days of the completion of an internal audit. This incident clearly shows that protecting digital assets on modern IT hardware should be a priority for everyone. PayPal will introduce even stricter controls for logins from new locations in the future to prevent similar incidents, which are increasingly common in 2026.