Prosper Data Breach Impacts 17.6 Million Accounts
Summary
Hackers have breached Prosper, a peer-to-peer lending marketplace, and stolen personal data for an estimated 17.6 million people. The company says Social Security numbers and other sensitive information were obtained after unauthorised queries were made on databases that store customer and applicant data. Prosper detected the breach on 2 September and is still investigating the scope. It says there is no evidence the attackers accessed customer accounts or funds, and it is cooperating with law enforcement. Have I Been Pwned and BleepingComputer have published further details about the incident.
Key Points
- Approximately 17.6 million people affected by the breach disclosed by Prosper.
- Stolen data reportedly includes Social Security numbers, government IDs, names, dates of birth, physical addresses, employment and income details, credit status, IP addresses and browser user agents.
- Prosper detected the incident on 2 September and is still investigating what data was impacted.
- Company states no evidence attackers accessed customer accounts or funds and says customer-facing operations were not affected.
- Prosper will offer free credit monitoring ‘as appropriate’ after determining the affected data and is working with law enforcement.
- Have I Been Pwned has added an entry for the Prosper breach and external outlets (BleepingComputer) have reported on the disclosure.
Content Summary
Prosper — a lending marketplace that has helped over 2 million customers secure more than $30 billion in loans since 2005 — confirmed a data breach that was detected on 2 September. Initial findings show unauthorised queries of company databases resulted in the exfiltration of confidential and personal information, including Social Security numbers. The investigation is ongoing; Prosper has not yet published a full list of exposed fields beyond those already mentioned. The firm says customer accounts and funds do not show signs of unauthorised access and that it has informed the relevant authorities.
Context and Relevance
Large-scale breaches involving financial services firms carry heightened risk because compromised records often include highly sensitive identity and financial data. The exposure of Social Security numbers and government IDs raises the stakes — these items are long-lived and critical for identity theft. This incident follows a broader trend of attacks targeting companies that aggregate personal and financial records, and it emphasises the need for robust database access controls, monitoring and rapid incident response.
Why should I read this?
Short version: if you or someone you know has ever applied for a loan through Prosper, your identity details could be in someone else’s hands — and that is an actual faff to fix. Read this to know what was taken, what Prosper says it will do, and what steps you should consider (credit monitoring, freezing credit, watching for targeted scams). We’ve skimmed the noise and pulled the bits that matter.
Author’s take
Punchy and plain: this is a significant breach. The presence of Social Security numbers and government IDs in the stolen dataset makes it more than a nuisance — it’s a long-term risk for victims. If you’re responsible for data security, treat this as a reminder to review who can query production databases and how those queries are monitored.