- PayPal bug in lending app exposed sensitive customer data for five months
- Some accounts have seen unauthorized transactions; victims reimbursed and password reset
- PayPal offers two years of free credit monitoring through Equifa
An error in the coding of a PayPal app left some customers’ data exposed and even led to a few fraudulent transactions, the e-commerce company has confirmed.
PayPal recently informed a subset of its customers that it had identified a bug in its PayPal Working Capital (PPWC) lending application, which functions as a business financing product, offering eligible businesses a cash advance, based on their PayPal sales history.
Discovered on December 12, 2025, the bug leaked sensitive data for more than five months, between July 1, 2025 and December 13, 2025, including usernames, email addresses, phone numbers, work addresses, social security numbers (SSN), and dates of birth.
Unauthorized transactions
This is a powerful mix of data that can easily be exploited in a phishing email, tricking users into revealing their login credentials and therefore also gaining access to funds.
To make matters worse, it appears that the bug itself also allowed bad actors to access other people’s funds. In the warning email, PayPal said that “a few customers have experienced unauthorized transactions on their account.”
We don’t know how many there actually are, but PayPal stressed that the unauthorized access has been revoked and victims have been refunded. It also said that all victims had their passwords reset and the code change responsible for the intrusion was reversed.
“We have not delayed this notification as a result of a law enforcement investigation,” PayPal added.
The company also understands the power of personally identifiable information (PII), which is why it offers two years of free credit monitoring and identity restoration services through Equifax. This is more or less standard practice in incidents like this.
Finally, the company urged all customers to remain vigilant for incoming emails and be extra careful when clicking on links or downloading attachments.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
