- PayPal Loan App Bug Exposed Sensitive Customer Data for Five Months
- Some accounts saw unauthorized transactions; victims refunded and password reset
- PayPal offers two years of free credit monitoring through Equifa
A mistake in the coding of a PayPal application left some customers’ data exposed and even led to some fraudulent transactions, the e-commerce company confirmed.
PayPal recently notified a subset of its customers that it identified an error in their PayPal Working Capital Loan (PPWC) application, which functions as a business financing product, providing eligible businesses with a cash advance, based on their PayPal sales history.
Discovered on December 12, 2025, the bug was leaking sensitive data for more than five months, between July 1, 2025 and December 13, 2025, including usernames, email addresses, phone numbers, business addresses, Social Security numbers (SSN), and dates of birth.
Unauthorized transactions
This is a powerful combination of data that can easily be leveraged in a phishing email, tricking users into providing their login credentials and therefore also access to funds.
To make matters worse, it appears that the bug itself also granted malicious actors access to other people’s funds. In the warning email, PayPal said that “some customers experienced unauthorized transactions on their account.”
We don’t know how many “some” there actually are, but PayPal emphasized that the unauthorized access was revoked and the victims reimbursed. It also said that all victims’ passwords were reset and the change in code responsible for the intrusion was reverted.
“We have not delayed this notification as a result of any police investigation,” PayPal added.
The company also understands the power of personally identifiable data (PII), which is why it offers two years of free credit monitoring and identity restoration services through Equifax. This is, more or less, standard practice in incidents like this.
Finally, the company urged all customers to remain alert to incoming emails and to use extreme caution when clicking on links or downloading attachments.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
