paypal.com
May 30, 2026
A compiled credential stuffing list of approximately 700,000 email:password pairs labeled as targeting PayPal. The data appears to be a cross-source compilation rather than a direct PayPal breach — credentials are repeated across gmail, hotmail, and yahoo variants of the same username, and many entries contain plaintext passwords sourced from multiple prior breaches. This is characteristic of a combo list assembled for credential stuffing attacks against PayPal accounts.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
700K_Email_Pass_for_Paypal.txt2 columns673,055 rows
File structure
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | high | All values before delimiter contain @ symbol and domain names (gmail.com, hotmail.com, yahoo.com, mail.ru, etc.). Standard email format. | |
| 1 | password | high | All values after delimiter appear to be plaintext passwords or password hashes. Exhibit characteristics of user-chosen passwords (dictionary words, numeric sequences, special characters, leetspeak variations). |
Notes: Standard email:password combo list. Characteristic of credential stuffing dataset with emails repeated across multiple providers (gmail, hotmail, yahoo variants) paired with identical passwords. Some entries contain HTML entities (&, —, ") suggesting data extraction from web sources. One anomalous entry (#slang#:[email protected]) has reversed field order but represents <1% of dataset.