Article Details

Have I Been Pwned: Prosper data breach impacts 17.6 million accounts. Hackers stole the personal information of over 17.6 million people after breaching the systems of financial services company Prosper. Prosper operates as a peer-to-peer lending marketplace that has helped over 2 million customers secure more than $30 billion in loans since its founding in 2005. As the company disclosed one month ago on a dedicated page (hidden from search engines using noindex and nofollow HTML tags), the breach was detected on September 2, but Prosper has yet to find evidence that the attackers gained access to customer accounts and funds. However, the attackers stole data belonging to Prosper customers and loan applicants. The company hasn't shared what information was exposed beyond Social Security numbers because it's still investigating what data was affected. Prosper added that the security breach didn't impact its customer-facing operations and that it has reported the incident to relevant authorities and is collaborating with law enforcement to investigate the attack. "We have evidence that confidential, proprietary, and personal information, including Social Security Numbers, was obtained, including through unauthorized queries made on Company databases that store customer information and applicant data. We will be offering free credit monitoring as appropriate after we determine what data was affected," the company says. "The investigation is still in its very early stages, but resolving this incident is our top priority and we are committed to sharing additional information with our customers as appropriate." While Prosper didn't share how many customers were affected by this data breach, data breach notification service Have I Been Pwned revealed the extent of the incident on Thursday, reporting that it affected 17.6 million unique email addresses. The stolen information also includes customers' names, government-issued IDs, employment status, credit status, income levels, dates of birth, physical addresses, IP addresses, and browser user agent details. When BleepingComputer reached out to Prosper with questions about the incident, a spokesperson said the company is aware of Have I Been Pwned's report but "is not able to validate" it. "The investigation to determine what data was affected and to whom it belongs remains ongoing. We will be offering free credit monitoring as appropriate after we determine what data was affected," the Prosper spokesperson added. The Security Validation Event of the Year: The Picus BAS Summit Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation. Don't miss the event that will shape the future of your security strategy