Prosper disclosed a data breach impacting 17.6 million accounts

Threat actors stole personal data, including names, IDs, and financial details from Prosper, affecting over 17M users.

Prosper is a U.S.-based peer-to-peer lending platform that connects individual borrowers with investors. Founded in 2005 and headquartered in San Francisco, Prosper allows people to apply for personal loans online, while investors can fund portions of those loans to earn interest. It was one of the first major P2P lending marketplaces in the U.S.

The company disclosed a data breach that impacts 17.6 million accounts. According to the data breach notification service Have I Been Pwned (HIBP), stolen data includes names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other information.

“In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers.” states HIBP. “Prosper advised that they did not find any evidence of unauthorised access to customer accounts and funds, and that their customer-facing operations were uninterrupted.”

The company notified law enforcement and is investigating the incident with the help of a leading cybersecurity firm.

Prosper said customer accounts and funds remain secure and operations are unaffected. Hackers accessed databases containing personal and proprietary data, including Social Security numbers. The company plans to offer free credit monitoring once the impacted data is confirmed.

“Recently, we discovered unauthorized activity on our systems. As soon as we detected this, we acted quickly to stop the activity and strengthen our security measures, and we began working with a leading cybersecurity firm to investigate what happened. We also reported the incident to law enforcement and have offered our full cooperation.” reads the notice published by the company.

“There is no evidence of unauthorized access to customer accounts and funds, and our customer-facing operations continue uninterrupted. We have evidence that confidential, proprietary, and personal information, including Social Security Numbers, was obtained, including through unauthorized queries made on Company databases that store customer information and applicant data. We will be offering free credit monitoring as appropriate after we determine what data was affected. We continuously monitor accounts and have strong safeguards in place to protect customers’ funds.”

The investigation into the incident is still ongoing. At this time, no ransomware group has claimed responsibility for the attack.

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)