411/68 Monday, October 20, 2025
Have I Been Pwned (HIBP), the well-known data breach notification service founded by security expert Troy Hunt, has revealed that the recent cyberattack against Prosper, a peer-to-peer (P2P) lending platform, may have impacted as many as 17.6 million users. The stolen data reportedly includes a wide range of sensitive personal information, such as full names, addresses, dates of birth, IP addresses, employment status, income levels, credit status, government-issued identification numbers, and technical details like browser user agents. However, reports indicate that customer accounts and funds remain secure, and the attack did not disrupt the platform’s operations.
Prosper, headquartered in San Francisco, acknowledged HIBP’s disclosure but stated that it cannot yet verify the accuracy of the reported figures, as its internal investigation is still ongoing. The company confirmed that “confidential, proprietary, and personal information, including Social Security numbers,” was affected but has not specified the exact number of impacted individuals. Prosper said it responded immediately upon detecting the incident, is working closely with law enforcement, and has committed to offering free credit monitoring services to affected users once the investigation reaches a definitive conclusion.
If the figure of 17.6 million affected users is confirmed, this incident would rank among the most significant data breaches of the year, though not the largest in history compared to JPMorgan Chase (83 million users) or Yahoo (3 billion users). The case underscores the critical importance of strong cybersecurity measures for financial institutions and fintech platforms that manage highly sensitive personal data. Prosper has pledged to strengthen its security controls to prevent similar incidents in the future.
Source https://www.theregister.com/2025/10/17/prosper_breach/
