Nearly 16 million PayPal login credentials, including emails and passwords, have been found for sale on the dark web, with the data reportedly exposed as recently as May 2025. The seller is asking for $750 for the stolen information. While PayPal acknowledges the incident, it characterizes the breach as stemming from older data, though the authenticity and origin remain under debate. Security experts advise users to change their passwords immediately and enable two-factor authentication to mitigate risks, especially given the potential for automated attacks and password reuse vulnerabilities. Separately, the French retail giant Auchan has confirmed a cyberattack compromising hundreds of thousands of its loyalty account data. In response, Auchan has deactivated its Waaoh loyalty cards and warned customers of an anticipated phishing wave. This incident contributes to a broader trend of data breaches in France, where over 164 million passwords have recently been reported for sale on the dark web.