Have I Been Pwned logs 17.6M victims in Prosper breach

Steven

Have I Been Pwned logs 17.6M victims in Prosper breach

Summary

Have I Been Pwned (HIBP) reports that 17.6 million people may have been affected by a September cyberattack on peer-to-peer lender Prosper. HIBP’s breakdown suggests exposed data includes email addresses and a broad set of personal information such as names, physical addresses, dates of birth, Social Security numbers, government-issued IDs, income and credit-status details, IP addresses and browser user-agent strings. Prosper says customer accounts and funds appear safe but cannot yet validate HIBP’s figures while its investigation continues.

Prosper states the unauthorised access was contained as of 2 September, that it will offer free credit monitoring to affected individuals once the scope is finalised, and that it is cooperating with law enforcement. If HIBP’s tally is accurate, the incident would be among the larger breaches recorded in 2025.

Key Points

  • Have I Been Pwned lists 17.6 million victims linked to Prosper’s September breach.
  • Allegedly exposed data includes emails, names, dates of birth, addresses, Social Security numbers, government IDs, income, credit-status data, IPs and browser user-agent details.
  • Prosper says customer accounts and funds are believed to be safe but cannot yet verify HIBP’s claim.
  • Prosper reports it contained the incident by 2 September and will provide free credit monitoring once impacted individuals are identified.
  • The investigation is ongoing; incident-response verification can take weeks or months to complete.

Context and relevance

Financial-services breaches carry elevated long-term risks, including identity theft, targeted phishing and credit fraud. Have I Been Pwned is a respected tracker, so its reporting should be taken seriously; however, Prosper’s current inability to confirm the scale means the final picture may change as investigators verify the data. Consumers and organisations linked to Prosper should be vigilant and consider precautionary credit protections.

Why should I read this?

Short and blunt: if you have a Prosper account, this could affect you. Even if you don’t, the breach is a useful reminder to check Have I Been Pwned, tighten account security and watch for phishing. We’ve read the detail so you can act without panicking.

Author style

Punchy: big numbers and serious knock-on risks. If confirmed, this is a major incident — follow Prosper’s updates and move quickly if you’re named.

Source

Source: https://go.theregister.com/feed/www.theregister.com/2025/10/17/prosper_breach/