- PayPal loan app flaw exposed sensitive customer data for five months
- Some accounts saw unauthorized transactions; victims refunded and passwords reset
- PayPal offers two years of free credit monitoring via Equifa
A flaw in the coding of a PayPal app left some customers’ data exposed and even resulted in a few fraudulent transactions, the e-commerce company has confirmed.
PayPal recently notified a subset of its customers that they identified an error in their PayPal Working Capital (PPWC) loan application, which operates as a business financing product that provides qualifying businesses with a cash advance based on their PayPal sales history.
Discovered on December 12, 2025, the flaw leaked sensitive data for more than five months, between July 1, 2025 and December 13, 2025, including usernames, email addresses, phone numbers, business addresses, social security numbers (SSN), and dates of birth.
Unauthorized transactions
This is a potent mix of data that can easily be exploited in a phishing email, tricking users into giving away their login credentials and thus access to funds.
To make matters worse, it appears that the bug itself also gave malicious actors access to other people’s funds. In the warning email, PayPal said that “a few customers experienced unauthorized transactions on their account.”
We don’t know how many “a couple” there actually are, but PayPal emphasized that the unauthorized access was revoked and the victims were refunded. It also said that all victims had their passwords reset and that the change in code responsible for the breach was rolled back.
“We have not delayed this notification as a result of any law enforcement investigation,” PayPal added.
The company also understands the power of personally identifiable data (PII), which is why it offers two years of free credit monitoring and identity restoration services through Equifax. This is more or less standard practice in cases like this.
Finally, the company urged all customers to be wary of incoming emails and take extra care when clicking on links or downloading attachments.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
