How To Recover a Hacked PayPal Account

Learn how to recover your PayPal account if it ever gets hacked and how to avoid breaches in the future.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

If you’re here in a panic because your PayPal has been hacked, there’s good news: it’s possible to recover a hacked PayPal account. The bad news is that the hacker has most likely taken steps to keep you out of your account as long as possible.

In order to fully recover your account, you’ll need to log back in and update your security settings to lock out the hacker for good. Take a deep breath, as we’ll walk you through how to recover from a PayPal hack. We’ll also recommend identity theft protection to keep your login credentials safe from future hackers.

In this article
How to recover your hacked PayPal account
Warning signs your PayPal account was hacked
How to report fraud to PayPal
How to protect your PayPal account
Bottom line

How to recover your hacked PayPal account

If a hacker has breached your PayPal, you should take action immediately. It’s possible to recover a hacked PayPal account, but the sooner you act, the more potential financial and identity theft damage you mitigate.

Follow these steps to recover your hacked PayPal account.

Step 1: Reset your PayPal account password

The first thing hackers will do when they successfully take control of an account is change the password in order to lock the original owner out.

If you can’t log in to your account for this reason, you may still be able to change your password by doing the following:

  1. Open the PayPal app on your phone, or go to PayPal’s official login page in a web browser.
  2. After entering your email address, select the Forgot password? Option.

    PayPal account login page with the box to fill out your password.

  3. Enter your email address and select Next.

    PayPal page for password help with a box to fill our your email address or username.

  4. Select your preferred security check option and click Next.

    PayPal quick security check page to help protect your account.

  5. After completing the security check instructions, you’ll be prompted to create a new PayPal password.

After you change your password, check your security and account settings to make sure the hackers didn’t alter anything else, like your backup email address or contact details. Hackers may exploit some of these settings to access your account.

Step 2: Recover your email address

Hackers may also change the email address attached to a PayPal account to make it even more difficult for the account owner to log back in.

If you’re unable to log in to your PayPal account for this reason, you might be able to change it back with these steps:

  1. In a web browser, go to the PayPal official login page and select Forgot password?.
  2. Enter your email address in the box provided and select Forgot your email?.
  3. You’ll be asked for up to three email addresses you may have used with a PayPal account. Enter at least one email and click Next.

    PayPal prompt to enter 3 emails you may use for PayPal in order to locate your account.

  4. If PayPal finds a match for the email address you entered, you’ll be prompted to log in with your password or create a new one. Choose I need to create a password and complete the instructions that follow.

If you still can’t log in to your PayPal account, you need to contact PayPal directly. Do not call any help lines listed in emails or invoices from PayPal because these may be linked to other PayPal scams. Instead, follow these instructions to call the official PayPal customer service line as a guest:

  1. Navigate to PayPal’s official website, scroll to the bottom of the page and click the link Contact.
  2. Scroll to the bottom of the next page and select Call us listed underneath an image of a phone.

    PayPal's listed contact methods including community forums, resolution center, and phone.

  3. You’ll be prompted to log in (which you cannot), so click call us as guest.

    PayPal page to call customer service with an option to login or call as a guest.

  4. On the next page, PayPal will provide the numbers to its official customer service lines for callers in and outside the U.S.

Be ready to provide your telephone number, email address associated with PayPal, and statements for the bank account or credit card that’s linked with your PayPal account.

Step 3: Update your PayPal account security settings

Once you’ve regained control of your PayPal account, you’ll want to immediately update certain settings to prevent further account breaches. Consider performing the following actions.

First, change your password to a stronger one. Include a mix of numbers, letters, and symbols and try for at least 12 characters.

Then, enable two-factor authentication (2FA) for an extra layer of security. This step only takes a few moments but is instrumental in preventing unauthorized access to your account. 2FA also acts as an alarm bell, notifying you that someone out there is attempting to log in to your account.

You should also reset your security questions by doing the following:

  1. Go to the PayPal website.
  2. Navigate to the settings menu by clicking the gear icon in the top-right corner of your dashboard.
  3. Click the Security tab.
  4. Select Update next to the “Security questions” section.
  5. Choose new security questions and click Save.

Finally, review your account information and recent activity to see if the hacker performed any other alterations or actions. Be on the lookout for changes to your contact information (such as backup email address and phone number) and personal details as well as any unrecognized pending or approved transactions.

Warning signs your PayPal account was hacked

Here is a list of red flags that could indicate a potential PayPal account breach:

  • Trouble logging in: The first sign your account has been breached is when you cannot log in. Hackers commonly change the login credentials associated with PayPal accounts to give themselves more time to plunder the account.
  • Unfamiliar transactions and transfers: Unrecognized suspicious activity is a hallmark signal that your account has been accessed and used by a hacker.
  • Strange notifications: These can include password and email changes and login attempts from unfamiliar devices or locations.
  • Denied payments: You may attempt to buy something only to realize your funds have been completely depleted because of a data breach.
  • Unfamiliar devices: You can view and manage the devices used to log in to your PayPal account in Security Settings > Manage your logins. If there are unrecognized devices, browsers, or IP addresses listed, then someone has successfully hacked into your account.

How to report fraud to PayPal

It’s always a good idea to report any suspicious or fraudulent activity to PayPal. The steps to report fraud are different depending on what platform you’re using.

To report unauthorized activity or transactions on the PayPal app:

  1. Select Wallet.
  2. Select Activity.
  3. Choose the payment you wish to report.
  4. Select Report a Problem.
  5. Choose the reason for the report and follow the instructions.

To report unauthorized activity or transactions if you are using PayPal on a web browser:

  1. Navigate to the Resolution Center.
  2. Select Report a problem.
  3. Choose the payment you wish to report and select Continue.
  4. Select “I want to report unauthorized activity.”
  5. Complete the instructions that follow to report the activity.

Will PayPal refund me if I get scammed?

Yes, PayPal will refund you through its Purchase Protection program if you get scammed. You're covered through Purchase Protection if:

  • You were charged for something you never purchased, which includes someone hacking your account and using it without your knowledge or approval.
  • Your order never arrives.
  • Your order arrives and is significantly different from how it was advertised or described.

For unauthorized transactions, Purchase Protection stipulates that you must notify PayPal within 60 days of the transaction in order to be eligible for a refund. For instances where an ordered item never arrives, or arrives significantly different than advertised, PayPal requires that you file a dispute within 180 days of your purchase or payment.

Once a dispute is opened, a hold is placed on the sale’s funds, and you and the seller are given 20 days to settle the matter. If an agreement cannot be reached, you can escalate the dispute to a claim, which puts PayPal in charge of both the investigation and outcome of the settlement.

How to protect your PayPal account

Cybercriminals never stop coming up with new and inventive ways to scam people, so keep these cybersecurity best practices in mind to protect your PayPal account:

  • Avoid clicking suspicious links, even if they are in official-looking emails from PayPal: These can contain malware intended to give hackers access to your device and personal information — or even give them the ability to log your keystrokes.
  • Don’t call customer service numbers in emails, texts, or other direct messages: Even emails that come from the official PayPal address may be linked to scams. If you need to contact PayPal’s customer service line, always manually search for the number from PayPal’s official website.
  • Use strong, varied passwords: Use long, complex passwords and never reuse them. Consider using a password manager to help you keep track of all your passwords.
  • Activate 2FA: While it may seem slightly inconvenient, triggering an extra verification request each time you log in is crucial to keeping hackers out of your account.
  • Never give out personal information: PayPal gives sellers and buyers everything they need to successfully carry out transactions. There is never a good reason to give someone additional information about yourself or your account.

Best identity theft protection for financial accounts

When a hacker gets control of your PayPal, they gain access to your linked bank accounts and some of your personally identifiable information (PII). This data can help them steal your identity.

Be proactive in the fight against identity theft and consider using one of our favorite identity theft protection services:

  • Aura: A well-rounded identity theft protection service that leverages artificial intelligence (AI) to combat identity theft. It comes with antivirus, virtual private network (VPN), and family plans that can help defend against child identity theft as well.

    Get Aura | Read Our Aura Review
  • LifeLock: LifeLock offers unique features including 401(k) and investment account activity alerts, bank account takeover alerts, home title monitoring, and more. You also have the option of bundling in Norton antivirus with certain plan add-ons.

    Get LifeLock | Read Our LifeLock Review
  • Identity Guard: Identity Guard excels at fraud monitoring and reporting. It has a clean interface design, includes a password manager, and is affordable and easy to use.

    Get Identity Guard | Read Our Identity Guard Review

Editorial Rating
Learn More
On Aura Identity Theft's website
Aura Identity Theft
Up to 68% off Family Annual Plans
  • Excellent identity theft protection service
  • Includes a password manager and VPN
  • Robust tools for children’s security
  • Provides VantageScore and not FICO score updates



What happens if someone hacked into my PayPal account?

If someone hacked into your PayPal account, they could make unauthorized transactions. They could also access any personal information or details you have associated with the account.


Can hackers steal money from PayPal?

Yes, if hackers gain access to your account, they can steal money from you. It's important to always use strong passwords and 2FA as well as monitor your accounts for any unauthorized activity.


How do hackers get into your PayPal account?

The most common way hackers get into PayPal accounts is through phishing schemes. In these schemes, hackers posing as PayPal send bogus emails to fool victims into giving up login information, clicking links that have malware in them, or calling fake customer service lines. If you reuse old passwords and don’t use 2FA, hackers have a much better chance of getting into your PayPal account.

Bottom line

If your PayPal account has been hacked, first change your password ASAP. If you cannot log in to your account because your email has been changed, either follow our instructions on how to recover your email address or contact PayPal immediately to recover it.

Once you regain control of your account, change your password, update your security questions, set up 2FA, and check your account activity for any alterations or transactions the hackers may have enacted.

Remember that staying safe online means being proactive and equipping yourself with the right knowledge and tools. If you primarily access PayPal on your mobile device, consider investing in the best antivirus for iPhone or Android to ensure your smartphone is safe.

Editorial Rating
Learn More
On Aura Identity Theft's website
Aura Identity Theft
Up to 68% off Family Annual Plans
  • Excellent identity theft protection service
  • Includes a password manager and VPN
  • Robust tools for children’s security
  • Provides VantageScore and not FICO score updates

Author Details
Juliana Kenny is a seasoned writer with over a decade of experience in cybersecurity topics. She holds a B.A. in English with a concentration in Irish Literature, a B.A. in French, and a minor in Art History. Since 2010, she has explored the dynamic intersection of technology and security, specializing in endpoint security, cloud security, and networking technologies like secure access service edge (SASE).