PayPal customer accounts hit by cyberattack
Incident
Summary
Hide ▲
Show ▼
PayPal confirmed unauthorized transactions on the accounts of a small number of customers, adding direct financial harm to the broader breach. The company said it issued refunds to affected users and reset passwords for impacted accounts. The incident matters because it shows the event was not limited to data exposure; it also produced account-level monetary loss.
Related Happenings
Refund-fraud communities commoditize refund abuse into a service market
Threat Actor Meta
First: 18.03.2026 16:05
Last: 18.03.2026 16:05
Sources 1
About this happening:
Underground fraud communities have **commoditized refund abuse** into a service market, increasing losses for **retailers and payment platforms**. Sellers now package **methods, t...
Refund-fraud communities commoditize refund abuse into a service market
Threat Actor MetaAbout this happening: Underground fraud communities have **commoditized refund abuse** into a service market, increasing losses for **retailers and payment platforms**. Sellers now package **methods, t...
2024 Retail refund fraud losses across retailers and payment platforms
Target Trend
First: 18.03.2026 16:05
Last: 18.03.2026 16:05
Sources 1
About this happening:
**Refund fraud** has become a major loss trend for **retailers** and **e-commerce payment ecosystems**, with **2024** return volume reaching **$685 billion** and an estimated **$1...
2024 Retail refund fraud losses across retailers and payment platforms
Target TrendAbout this happening: **Refund fraud** has become a major loss trend for **retailers** and **e-commerce payment ecosystems**, with **2024** return volume reaching **$685 billion** and an estimated **$1...
PayPal customers data exposed after PayPal breach
Data Leak
First: 20.02.2026 15:12
Last: 20.02.2026 15:12
Sources 1
How related:
On December 12, 2025, PayPal identified that due to an error in its PayPal Working Capital ("PPWC") loan application, the PII of a small number of customers was exposed to unauthorized individuals during the timeframe of July 1, 2025 to December 13, 2025,
About this happening:
PayPal disclosed a **data leak** in its **PayPal Working Capital (PPWC) loan application** that exposed a **small number of customers' PII** for nearly **six months**. The exposed...
PayPal customers data exposed after PayPal breach
Data LeakHow related: On December 12, 2025, PayPal identified that due to an error in its PayPal Working Capital ("PPWC") loan application, the PII of a small number of customers was exposed to unauthorized individuals during the timeframe of July 1, 2025 to December 13, 2025,
About this happening: PayPal disclosed a **data leak** in its **PayPal Working Capital (PPWC) loan application** that exposed a **small number of customers' PII** for nearly **six months**. The exposed...
Phishing-led RMM abuse campaign using fake PayPal alerts
Campaign
First: 14.01.2026 18:00
Last: 14.01.2026 18:00
Sources 1
About this happening:
A **phishing-led intrusion campaign** is abusing legitimate **RMM tools** to move from personal accounts into corporate environments, creating stealthy remote access and persisten...
Phishing-led RMM abuse campaign using fake PayPal alerts
CampaignAbout this happening: A **phishing-led intrusion campaign** is abusing legitimate **RMM tools** to move from personal accounts into corporate environments, creating stealthy remote access and persisten...
Timeline
-
20.02.2026 15:12 2 articles · 3mo ago
PayPal detects unauthorized transactions on a small number of customer accounts
Victim Impact UpdatePayPal detected unauthorized transactions on a small number of customer accounts as a direct result of the PayPal Working Capital (PPWC) loan app incident and issued refunds to affected users; the company also reset passwords for impacted accounts and prompted users to create new credentials at next login if needed.
Show sources
- PayPal discloses data breach that exposed user info for 6 months — www.bleepingcomputer.com — 20.02.2026 15:12
- PayPal discloses data breach that exposed user info for 6 months — www.bleepingcomputer.com — 20.02.2026 15:12