Prosper Data Breach Exposes Sensitive Information of 17.6 Million Individuals
Prosper, a prominent peer-to-peer lending marketplace, suffered a significant data breach in September 2025, resulting in the exposure of sensitive personal information belonging to 17.6 million customers and loan applicants. The breach was detected on September 2, 2025, and was publicly disclosed by Prosper, which confirmed that unauthorized access to their systems had occurred. The compromised data includes a wide range of personally identifiable information such as names, email addresses, dates of birth, Social Security numbers, government-issued IDs, employment statuses, income levels, credit status information, physical addresses, IP addresses, and browser user agent details. Prosper stated that, despite the breach, there was no evidence that customer accounts or funds were accessed or compromised. The company’s customer-facing operations remained uninterrupted throughout the incident. Prosper has reported the breach to relevant authorities and is actively collaborating with law enforcement agencies to investigate the attack. The company is still determining the full scope of the data affected and has committed to providing free credit monitoring services to impacted individuals once the investigation clarifies the extent of the exposure. The breach was added to the Have I Been Pwned database on October 16, 2025, which helped reveal the scale of the incident, specifically the number of unique email addresses involved. Prosper has advised all users to change their passwords if they have not done so since the breach and to enable two-factor authentication for enhanced security. The company has also published a dedicated FAQ page to address customer concerns and provide ongoing updates. The attackers reportedly accessed the data through unauthorized queries on company databases that store customer and applicant information. Prosper emphasized that resolving the incident is a top priority and pledged to share additional information with customers as the investigation progresses. The breach has raised concerns about the security of financial services platforms and the protection of sensitive customer data. Security experts recommend that affected individuals monitor their credit reports and remain vigilant for signs of identity theft. The incident underscores the importance of robust cybersecurity measures and timely breach notification in the financial sector. Prosper’s response and transparency in handling the breach will be closely watched by regulators and customers alike. The breach has significant implications for the privacy and security of millions of individuals whose data was entrusted to the platform.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Have I Been Pwned adds Prosper breach with 17.6 million emails
In mid-October 2025, Have I Been Pwned reported the Prosper breach and said the exposed dataset contained 17.6 million unique email addresses. Reports said the compromised data included names, dates of birth, physical and email addresses, Social Security numbers, and credit, employment, and income information.
Prosper says it is adding stronger security controls
Following the breach disclosure, Prosper said it was implementing stronger monitoring, alerting, and other security controls in response to the incident. This was part of the company's remediation effort while the investigation continued.
Prosper publishes breach notification
On 2025-09-17, Prosper published a breach notification disclosing that customer and applicant information had been exposed in the incident. The company said its investigation into what data was affected and to whom it belonged was ongoing.
Prosper detects and responds to unauthorized system access
By early September 2025, Prosper said it had detected unauthorized access to its systems and responded to the incident. The company later stated there was no evidence of unauthorized access to customer accounts or funds and that customer-facing operations were not interrupted.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
7 references tracked. Mallory keeps watching after this page renders.
Prosper Confirms Data Breach Impacting 17 Million Users
techrepublic.com
Open sourceHave I Been Pwned logs 17.6M victims in Prosper breach
go.theregister.com
Open sourceProsper disclosed a data breach impacting 17.6 million accounts
securityaffairs.com
Open sourceProsper Market Data Breach Affects 17.6M Individuals
govinfosecurity.com
Open sourceOver 17.6M hit by Prosper data compromise
scworld.com
Open sourceProsper Market Data Breach Affects 17.6M Individuals
bankinfosecurity.com
Open sourceHave I Been Pwned: Prosper data breach impacts 17.6 million accounts
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
700Credit Data Breach Exposes Personal Information of Over 5.6 Million Individuals
700Credit, a U.S.-based fintech and data services provider for auto, RV, and marine dealerships, suffered a significant data breach that exposed the personal information of at least 5.6 million people. The compromised data includes names, addresses, dates of birth, and Social Security numbers collected from dealership customers between May and October 2025. The company confirmed that the breach was limited to the application layer and did not impact its internal network or operations. In response, 700Credit has engaged cybersecurity experts, notified affected dealers and consumers, reported the incident to the FBI and FTC, and is offering credit monitoring services to those impacted. The breach was publicly disclosed in December 2025, with regulatory notifications underway and no evidence yet of identity theft or fraud resulting from the incident. The event is part of a broader trend of large-scale data breaches affecting financial services firms, as highlighted by concurrent reporting on similar incidents at other companies. 700Credit is coordinating with state attorneys general and regulatory bodies to ensure compliance and consumer protection in the aftermath of the breach.
Mar 21, 2026
Betterment Social-Engineering Breach Exposes 1.4 Million Customer Records
**Betterment** disclosed that a **social engineering** attack against a **third-party platform account** used for customer communications enabled unauthorized access to internal systems in early January, leading to the exposure of personal data tied to **1,435,174 accounts**. The intruder used the access to send **fraudulent crypto-themed promotional messages** impersonating Betterment and promising to “triple” cryptocurrency sent to attacker-controlled wallets (including **Bitcoin and Ethereum** addresses). Betterment said it revoked the unauthorized access the same day it was detected, warned customers to ignore the messages, and initiated a forensic investigation with external incident-response support. Breach analysis and indexing by **Have I Been Pwned** indicated the exposed dataset included **email addresses, names, and location data**, with reporting also citing additional PII such as **dates of birth, physical addresses, phone numbers, device information, and employment-related details**. Betterment stated there is **no evidence** that customer investment accounts were accessed or that **passwords/authentication tokens** were compromised, characterizing the incident as an exposure of contact/identity data rather than account credentials. Separate reporting noted Betterment also experienced **intermittent outages attributed to a DDoS attack and extortion attempts** around the same period, but this was described as distinct from the social-engineering-driven data exposure.
Mar 21, 2026
PayPal Working Capital Loan App Coding Error Exposed Customer PII
PayPal disclosed that a **coding error** in its *PayPal Working Capital (PPWC)* loan application exposed a small number of customers’ **personally identifiable information (PII)** to unauthorized parties for roughly six months (July 1 to December 13, 2025). The exposed data included business contact details (name, email, phone number, business address) and highly sensitive identifiers such as **Social Security numbers** and **dates of birth**; PayPal said its core systems were **not compromised** and that the issue stemmed from an internal software defect that was later rolled back. PayPal detected the exposure on December 12, 2025, initiated an investigation, blocked the unauthorized access, and required password resets/new credentials for impacted accounts. A small number of affected customers reported **unauthorized transactions**, which PayPal said were **refunded**; reporting indicates approximately **100 customers** were notified. PayPal also stated the notification was **not delayed by law enforcement** and is offering impacted individuals **two years of credit monitoring/identity restoration** services (via Equifax, per reporting) alongside strengthened security checks.
Mar 21, 2026