Link to a trustworthy source, ffs:

https://www.forbes.com/sites/daveywinder/2023/01/21/no-paypal-hasnt-been-hacked-yet-almost-35000-accounts-were-breached/?sh=6b3d53fa3ea7

The answer is an emphatic no; hackers did not breach PayPal. The irony here is that it will have been breaches at other services that were behind the large-scale credential stuffing attack, which led to nearly 35,000 PayPal customer accounts being accessed by an unauthorized third-party criminal actor.

Jake Moore, the global cyber security advisor at ESET, has further advice for concerned PayPal customers among the 34,942 account holders impacted here. "The owners of the affected accounts should by now have been notified, and it would be advisable for those people to remain on high alert due to the amount of personal data that may have been accessed in this unfortunately simple breach. Credential stuffing is an automated process where a threat actor uses reused log-on credentials stolen from subsequent password breaches on another account.