No, not with just your email address. Your email address is an important piece of the puzzle, though, and possession of your email address provides one-half of the authentication equation. 

Hi, I’m Aaron. I’m a cybersecurity professional with two decades of experience. Securing accounts is a core element of what I do on a daily basis. 

Let’s discuss why your email address is an important but not dangerous element to hacking your PayPal account. 

Key Takeaways

  • Paypal access requires both an email address and a password.
  • If you reuse your password then a hacker could have it and use it with your email.
  • The same thing could happen if you have a short and easy-to-guess password.
  • Complex passphrases and independently used passwords make it more difficult to access your account. 
  • Multi-factor authentication further complicates that access for hackers, making you much safer. 

How PayPal Access Works

When we talk about your PayPal being hacked, what we really mean is that someone gains access to your PayPal account without authorization. Access to a PayPal account is provided via two elements:

  • public information – your email address or phone number
  • private information – your password

That combination provides authentication, which is the validation of your identity using information private to you that only you should know. 

Most online services you use authenticate similarly. Username and password combination authentication are as old as computer-based security itself. It’s been the primary authentication modality since the 1980s. 

There are two reasons for that. The first is that it’s effective. If your password is a secret, then access is only possible by people who know that secret. The second is that it’s easy. Other forms of authentication rely on hardware tokens, biometric elements like your fingerprint, or a rotating code. 

How Your PayPal Account Can Be Hacked

The effectiveness of username and password authentication has been called into question in recent years. There are a few reasons for that.

Computers are increasingly powerful and sophisticated. Twenty years ago, guessing an eight-character password made up of letters, numbers, and special characters was difficult and time-consuming. Brute force attacks rely on cycling through each character to create a password dictionary which can be used to try and gain account access. 

With more sophisticated computers, doing the same today is trivial. What once took years to guess now takes hours. So longer and more complex passwords can be compromised quicker. 

Additionally, hacks are more common and people reuse passwords. Many websites used to store and continue to store username and password combinations in human-readable text. That means hacking one website gives hackers access to that information. If that information is used on multiple websites, then multiple website accounts are now compromised. 

If you give a scammer your email address, they can also send you seemingly legitimate emails designed to steal your password. These email attacks, known as phishing attacks are effective because of their apparent legitimacy. 

So if you have a simple or easy-to-guess password, if you’ve reused your password on multiple websites, or if you fall for a phishing attack, then hacking your PayPal when a hacker knows your email address is easy.

How You Protect Yourself

There are a few ways to protect your accounts from being hacked:

  • Don’t reuse passwords. Use one password on one site only. Don’t use one password on multiple sites. That introduces difficulty because now you need to remember a lot of different passwords. To solve that problem…
  • Use long passphrases. A passphrase is a long password based on things you can remember easily. This is one of the best explanations of that concept. String together seemingly irrelevant terms that you can associate. 
  • Use password managers. Password managers can store your passwords securely or create complex passwords for your accounts. They then help you access those sites. They’re not infallible, but they are effective. 
  • Use multi-factor authentication. Multifactor authentication typically sends you a text or requires inputting a code in addition to your username and password. Multi-factor authentication is also not infallible, but it is also very effective security.

If you want to enable multi-factor authentication for PayPal, after you log into your account…

Step 1: click the gear.

Step 2: click Security.

Step 3: click Set Up.

Follow the on-screen explanation for how to complete setting up multi-factor authentication for your PayPal account. 


Here are some answers to frequently asked questions related to your PayPal account being hacked with your email address. 

Can Someone Hack Your Email With Just Your Email Address?

It’s possible but requires other information. Just as with the PayPal account, email account passwords can be guessed and especially so if they’re simple or reused. The account security advice above applies equally, if not more, to your email account. 

How Do You Know If You are Being Scammed on PayPal?

Scammers use tried-and-true tactics for their various attack modalities. Look for a demand for money coupled with a sense of urgency. You should also pay attention to attachments, which likely contain malicious content or fake web addresses (URLs). 

What Info do I Give Someone to Pay Me on PayPal?

Your email address or mobile number. 


Hackers cannot hack your PayPal with just an email address. They need other information paired with that to hack your account. Simple or reused passwords make it easier to gather that information. Complex and independent passwords coupled with multi-factor authentication make it much harder for your account to be hacked. 

Has your PayPal account been hacked? Let me know in the comments below.