Prosper Data Breach Exposes 17.6 Million Records, Including Social Security Numbers

Prosper, a peer-to-peer lending platform, experienced a cybersecurity incident involving unauthorized access to its systems. The company quickly detected the unauthorized activity, stopped it, and began an investigation with the assistance of a leading cybersecurity firm. The incident resulted in the exposure of confidential customer and applicant data. Prosper has stated that there is no evidence of unauthorized access to customer accounts and funds, and its customer-facing operations remain uninterrupted.

Severity: High

Incident Details And Scope

• When it Happened: Prosper detected unauthorized activity on its systems in September 2025.
• Scope: The incident impacted approximately 17.6 million unique email addresses.
• Attribution: The breach has been attributed to an entity named “Hiron”.
• Investigation and Security: Prosper acted quickly to stop the activity, strengthened its security measures, and engaged a leading cybersecurity firm to investigate. The company has also reported the incident to law enforcement.
• Impact on Accounts/Funds: Prosper has stated there is no evidence of unauthorized access to customer accounts and funds, and customer-facing operations continue uninterrupted.

Data Stolen During The Breach

• Prosper confirmed that “confidential, proprietary, and personal information, including Social Security Numbers,” was obtained through unauthorized queries made on company databases that store customer and applicant data.
• The data compromised in the breach, according to “Have I Been Pwned,” includes a wide range of personal information: Names, Physical addresses, Social Security numbers, Dates of birth, Government issued IDs, Employment statuses, Income levels, Credit status information, IP addresses, Browser user agent details.

Recommendations

1. Prosper customers should be extremely cautious of any unsolicited emails, calls, or texts claiming to be from Prosper, your bank, or other financial institutions, particularly if they ask for personal information or passwords.
2. If you have not changed your Prosper password since 2025, you must do so right away. Add an extra layer of security to your account by enabling 2FA.
3. Utilize Prosper’s offer for complimentary credit monitoring services when they become available. This service will alert you to suspicious activity on your credit file.
4. Regularly review your bank, credit card, and other financial account statements for any unauthorized or unusual transactions.
5. If you have used your Prosper password (or a close variant) on any other website or service, change those passwords immediately.

Source:

• https://haveibeenpwned.com/Breach/Prosper
• https://www.prosper.com/legal/incident-response

Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn

No related posts found.