- PayPal bug in loan app exposed sensitive customer data for five months
- Some accounts saw unauthorized transactions; victims reimbursed and passwords reset
- PayPal offers two years of free credit monitoring via Equifa
An error in coding of a PayPal app left some customers’ data exposed and even resulted in a few fraudulent transactions, the ecommerce company has confirmed.
PayPal recently notified a subset of its customers that it identified a bug in its PayPal Working Capital (PPWC) loan application, which works as a business financing product, giving eligible businesses a cash advance, based on their PayPal sales history.
Discovered on December 12, 2025, the bug was leaking sensitive data for more than five months, between July 1, 2025, and December 13, 2025, including user names, email addresses, phone numbers, business addresses, Social Security numbers (SSN), and dates of birth.
Unauthorized transactions
This is a potent mix of data that can easily be leveraged in a phishing email, tricking users into giving away their login credentials and thus access to funds, as well.
To make matters worse, it seems that the bug itself also granted malicious actors access to other people’s funds. In the warning email, PayPal said that “a few customers experienced unauthorized transactions on their account.”
We don’t know how many “a few” actually are, but PayPal stressed that the unauthorized access was revoked, and victims reimbursed. It also said that all victims had their passwords reset, and that the change in code responsible for the intrusion was rolled back.
“We have not delayed this notification as a result of any law enforcement investigation,” PayPal added.
The company also understands the potency of personally identifiable data (PII), which is why it is offering two years of complimentary credit monitoring and identity restoration services through Equifax. This is, more or less, standard practice in incidents such as this one.
Finally, the company urged all customers to remain vigilant of incoming emails, and to be extra careful when clicking on links or downloading attachments.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/EsA45qxuqPJArAmhSzGHjc-970-80.png
Source link
