Key Takeaways
- US 30-year fixed-rate mortgages remained unchanged at 6.58% for the week ending August 21, according to Freddie Mac, holding at its lowest level in nearly 10 months.
- Nearly 16 million PayPal (PYPL) login credentials, including emails and plaintext passwords, were reportedly exposed on the dark web; however, PayPal denies this is a new breach, attributing it to a 2022 incident.
- Donald Trump declared a "total victory" after a New York appellate court reportedly threw out the Letitia James civil fraud case, which had initially sought over $550 million in penalties.
Mortgage Rates Hold Steady Amid Economic Uncertainty
The U.S. housing market saw stability in borrowing costs this week, as the average 30-year fixed-rate mortgage held steady at 6.58% for the period ending August 21, 2025. This rate, reported by Freddie Mac, is unchanged from the previous week and marks the lowest level in nearly 10 months. The consistency in rates comes as financial markets anticipate potential interest rate cuts from the Federal Reserve, though macroeconomic data has been mixed.
This stability is an encouraging sign for prospective homebuyers who have faced persistently high financing costs. While purchase application activity is improving, many homebuyers continue to wait on the sidelines for rates to decrease further. The 15-year fixed-rate mortgage, popular for refinancing, also saw a slight dip, averaging 5.69% this week, down from 5.71% previously.
PayPal Denies New Breach Amid Dark Web Credential Leak Claims
Cybersecurity concerns have emerged for PayPal (PYPL) users after claims surfaced on the dark web of nearly 16 million login credentials being exposed. The alleged data dump reportedly includes login emails and plaintext passwords, posing a significant risk for credential stuffing attacks and phishing schemes.
However, PayPal has vehemently denied that this constitutes a new data breach. The company asserts that the claims are related to a security incident from 2022, specifically a large-scale credential stuffing attack that affected approximately 35,000 accounts. Cybersecurity researchers suggest that the data, if legitimate, might have been collected via infostealer malware or could be recycled from older breaches, indicated by a surprisingly low selling price on the dark web. Users are advised to enable multi-factor authentication and practice strong password hygiene.
Trump Claims "Total Victory" in Letitia James Case
In political and legal news, Donald Trump announced a "total victory" in the civil fraud case brought against him by New York Attorney General Letitia James. This declaration follows a decision by a New York appellate court to reportedly dismiss the case, which had sought over $550 million in penalties, including interest.
Trump, who has consistently labeled the case a "political witch hunt," posted on Truth Social expressing his respect for the court's decision. The original lawsuit, filed in September 2022, accused Trump and the Trump Organization of inflating his net worth through fraudulent asset valuations to secure financial benefits. The former president has maintained that his business practices were "absolutely CORRECT" and that the case was an act of "Election Interference."
Ed Liston is a senior contributing editor at TheStockMarketWatch.com. An active market watcher and investor, Ed guides an independent team of experienced analysts and writes for multiple stock trader publications.