Lending Platform Prosper Leaks Sensitive Personal Information Following a Data Breach

A data breach has leaked the personal and financial information of over 17.6 million people after threat actors compromised the lending platform, Prosper Marketplace.

Since its founding in 2005, the San Francisco-based peer-to-peer lending platform has helped over 2.3 million people obtain loans amounting to $29 billion.

Prosper said it detected the cyber intrusion on September 2 but was still investigating the incident with the help of external cyber experts to determine its scope and the nature of the stolen information.

However, preliminary results of the investigation confirmed that the attackers had accessed “confidential, proprietary, and personal information, including Social Security Numbers.”

“The investigation is still in its very early stages, but resolving this incident is our top priority and we are committed to sharing additional information with our customers as appropriate,” it stated.

Data breach at lending platform Prosper Marketplace impacts over 17.6 million people

The data breach tracking platform HaveIBeenPwned (HIBP) has confirmed that the data breach affected 17.6 million people, based on the number of unique email addresses. However, 2.8 million email addresses were new, meaning that they have not appeared in any previous data breach.

According to HIBP, the data breach leaked customers’ names, government-issued IDs, dates of birth, physical addresses, employment statuses, credit statuses, income levels, device IP addresses, and browser user agent details. However, the lending platform has yet to confirm HIBP’s claims, awaiting the results of its ongoing investigation.

Meanwhile, as a consolation, Prosper is offering victims free credit monitoring to prevent fraud stemming from the data breach. The lending platform also advised victims to monitor their financial accounts and promptly report any suspicious activity.

Prosper is also actively cooperating with law enforcement authorities to investigate the incident. So far, the lending platform has found no evidence that the attackers have accessed customer accounts or transferred funds, and its customer-facing operations were unaffected, thus ruling out a ransomware attack.

“There is no evidence of unauthorized access to customer accounts and funds, and our customer-facing operations continue uninterrupted,” the company said.

The lending platform also believes that the threat actor’s access was terminated, and no further malicious activity has been detected after the initial incident. Similarly, no evidence suggests that the attackers have misused the stolen information or auctioned it on dark web hacking forums.

“Although Prosper says there’s no evidence of unauthorized account access or stolen funds, breaches involving financial data often have lasting consequences, with issues appearing months or even years later,” warned John Carberry, Solution Sleuth with cybersecurity services provider Xcape.

Nevertheless, Prosper has promised to continuously monitor customers’ financial accounts to secure their funds. The lending platform will also enhance its security controls and monitoring systems to prevent a similar data breach in the future.

“We are enhancing our monitoring of our systems and have implemented enhanced security controls to reduce the likelihood that this happens again in the future,” the company said.

Threat actor and attack vector not disclosed

So far, Prosper has not disclosed the identity of the threat actor, the number of people affected, or the attack vector exploited. Similarly, no hacking group has taken responsibility for the data breach, and the lending platform has not confirmed receiving any ransom demands.

Meanwhile, sources say that the attackers used compromised credentials to breach the lending platform, underscoring the need for phishing-resistant multifactor authentication.

“This event highlights how crucial it is for financial platforms to have strong identity and access management, continuous monitoring, and robust data encryption,” added Carberry. “For organizations, this serves as a reminder to minimize data retention, enforce least-privilege access, and ensure quick breach detection and response to limit damage.”