In a significant development in one of the year’s largest fintech breaches, new reports released today confirm that Prosper Marketplace, the San Francisco–based peer-to-peer lending platform, suffered a data compromise affecting roughly 17.6 million people. The updated figure, first published by TechRadar and Tom’s Guide, sheds light on the scale of the incident and reveals the breadth of the personal information exposed, including Social Security numbers, government-issued IDs, employment data, and income details.
The new information paints a fuller picture of what began as a quiet internal investigation earlier this month. When Prosper first acknowledged the incident in early October, it described a “cyber intrusion” that had been detected on September 2, 2025, and said that external investigators were working to determine its scope.
Today’s disclosures go further. According to breach-tracking platform Have I Been Pwned, the exposed data set contains more than 17 million unique email addresses, 2.8 million of which had never appeared in any prior breach. Combined with the inclusion of sensitive financial identifiers, the Prosper incident now ranks among the most consequential U.S. data leaks of the year.

One of the most striking aspects of the Prosper case is what didn’t happen. There was no encryption of systems, no ransom note, and no service outage. Instead, the attackers appear to have accessed Prosper’s databases directly and issued unauthorized queries to extract customer data. This points to the attackers’ goal: It wasn’t to lock Prosper out of its systems but to quietly collect the raw information that powers its lending models.
Prosper maintains that its customer-facing services, including loan processing and investor dashboards, continued operating normally. “There is no evidence of unauthorized access to customer accounts or funds,” the company said in a statement. “Our top priority remains securing customer data and enhancing our monitoring systems.”
For consumers, that assurance means money in accounts hasn’t been directly tampered with. But for anyone whose information was exposed, the risks extend far beyond account theft. This type of data is the backbone of synthetic identity fraud, a form of financial crime where criminals combine real and fake information to open new accounts in a victim’s name.
While Prosper has not publicly disclosed the attack vector, early investigative sources point to the use of compromised credentials, possibly a service account or employee login that provided access to internal databases. That scenario aligns with industry-wide statistics showing that credential theft remains the leading cause of data breaches.
If true, the incident highlights an all-too-common weakness across financial technology firms: reliance on traditional username-and-password authentication rather than phishing-resistant multifactor authentication (MFA) or strong identity governance. Attackers who gain valid credentials can move quietly within systems, issuing queries that look legitimate to monitoring tools unless strict behavior analytics are in place.
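The kind of behavior analytics mentioned above can start with a per-account profile of database activity and a check of each new query against it. The sketch below is an added example, not code from Prosper or from the original article; the account and table names, the audit-record layout, and the threshold are assumptions, and all records are constructed.

```python
import statistics
from collections import defaultdict

# Constructed audit records: (account, hour_utc, table, rows_returned).
BASELINE = [
    ("svc_loans", 14, "loan_applications", 120), ("svc_loans", 15, "loan_applications", 95),
    ("svc_loans", 9, "loan_applications", 140), ("svc_loans", 10, "loan_status", 80),
    ("svc_loans", 16, "loan_status", 110), ("svc_loans", 11, "loan_applications", 105),
]
NEW_EVENTS = [
    ("svc_loans", 13, "loan_applications", 130),    # in profile
    ("svc_loans", 3, "customer_identity", 250000),  # new table, off-hours, bulk
    ("svc_loans", 14, "loan_status", 90000),        # known table, bulk read
]

def build_profiles(events):
    """Per-account baseline: tables touched, active hours, row-count median/MAD."""
    grouped = defaultdict(list)
    for account, hour, table, rows in events:
        grouped[account].append((hour, table, rows))
    profiles = {}
    for account, recs in grouped.items():
        counts = [r for _, _, r in recs]
        med = statistics.median(counts)
        mad = statistics.median([abs(c - med) for c in counts]) or 1.0
        hours = [h for h, _, _ in recs]
        profiles[account] = {"tables": {t for _, t, _ in recs},
                             "hours": (min(hours), max(hours)),
                             "median": med, "mad": mad}
    return profiles

def score(event, profiles, z_threshold=6.0):
    """Return the reasons an event deviates from its account's baseline.

    Volume uses a robust z-score; 1.4826 * MAD approximates a standard deviation.
    """
    account, hour, table, rows = event
    p = profiles.get(account)
    if p is None:
        return ["no_baseline"]
    reasons = []
    if table not in p["tables"]:
        reasons.append("new_table")
    if not p["hours"][0] <= hour <= p["hours"][1]:
        reasons.append("off_hours")
    if (rows - p["median"]) / (1.4826 * p["mad"]) > z_threshold:
        reasons.append("bulk_read")
    return reasons

def detect(events, profiles):
    """Keep only events with at least one deviation, paired with the reasons."""
    return [(e, r) for e in events if (r := score(e, profiles))]
```

Each flagged query here was issued with valid credentials and would pass an authentication check; only the comparison against the account's own history separates it from routine traffic.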
Today’s reporting confirms that the stolen data spans an unusually broad range of personally identifiable information (PII):
That combination creates a complete identity profile, making it one of the more dangerous forms of PII exposure. Unlike a simple password breach, much of this data is unchangeable. (You can reset a password, but not your birthdate or Social Security number.)
Prosper says it is offering free credit monitoring to all affected individuals and is advising customers to monitor their financial accounts closely. For most victims, the real threat may not appear immediately; fraud stemming from this type of breach can surface months or even years later as data circulates in criminal markets.
Despite the additional detail now public, several key points remain unresolved. Prosper has not confirmed how many of the 17.6 million records included the most sensitive identifiers such as SSNs. Nor has it disclosed the dwell time, which would indicate how long attackers had to extract data.
The company has also not clarified whether the breached data was encrypted at rest or if the attacker accessed plaintext values via legitimate queries. Encryption is often touted as a best practice, but it provides limited protection if credentials used for decryption are themselves compromised.
Another open question is whether any of the stolen information has surfaced on the dark web. So far, researchers monitoring underground marketplaces have reported no verified listings of Prosper data, but such leaks can take time to appear.
The post Prosper Marketplace Data Breach Expands: 17.6 Million Users Impacted in Database Intrusion appeared first on Centraleyes.
*** This is a Security Bloggers Network syndicated blog from Centraleyes authored by Rebecca Kappel. Read the original post at: https://www.centraleyes.com/prosper-marketplace-data-breach-expands-17-6-million-users-impacted-in-database-intrusion/