Home / Technology / PayPal Bug Exposes Sensitive Data, Causes Fraud
PayPal Bug Exposes Sensitive Data, Causes Fraud
23 Feb
Summary
- A PayPal loan app bug exposed PII for over five months.
- Sensitive data including SSNs and DOBs were leaked.
- Some users experienced unauthorized transactions; they were reimbursed.
PayPal has disclosed a significant coding error within its Working Capital loan application that led to the exposure of sensitive customer data. This vulnerability, discovered on December 12, 2025, had been actively leaking personally identifiable information (PII) for more than five months, from July 1, 2025, to December 13, 2025.
The compromised data includes user names, email addresses, phone numbers, business addresses, Social Security numbers, and dates of birth. This extensive mix of personal details poses a serious risk for phishing attacks and identity theft.
Adding to the severity, the bug resulted in a few customers experiencing unauthorized transactions on their accounts. PayPal confirmed that these unauthorized access instances have been revoked, and affected customers have been fully reimbursed and had their passwords reset. The specific code change causing the breach has been rolled back.
Recognizing the gravity of the data exposure, PayPal is providing affected customers with two years of complimentary credit monitoring and identity restoration services through Equifax. All customers are urged to remain vigilant against suspicious emails and links.
