CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Prosper Data Breach Exposes 17.6 Million Accounts

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Prosper, a peer-to-peer lending marketplace, experienced a data breach on September 2, 2025, exposing personal information of 17.6 million accounts. The stolen data includes Social Security numbers, names, government-issued IDs, employment status, credit status, income levels, dates of birth, physical addresses, IP addresses, and browser user agent details. The breach was attributed to a threat actor named Hiron. The company has not found evidence of unauthorized access to customer accounts or funds. Prosper disclosed the breach on September 2, 2025, and has since collaborated with law enforcement and deployed enhanced security controls. The company is offering free credit monitoring to affected individuals once the full scope of the breach is determined.

Timeline

  1. 16.10.2025 22:19 2 articles · 1d ago

    Prosper Data Breach Disclosed

    The breach was attributed to a threat actor named Hiron. Prosper has deployed enhanced security controls and safeguards in response to the breach. Affected customers will receive free credit monitoring once the full scope of the breach is determined.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Qantas Data Breach Affects 5.7 Million Passengers, Executive Pay Reduced

Qantas suffered a data breach in June 2025, exposing personal information of approximately 5.7 million passengers. The breach occurred through a third-party platform used by a customer service contact center. In response, Qantas reduced executive pay by 15%, equating to a $250,000 reduction for CEO Vanessa Hudson. The breach was attributed to the UNC6040 group, affiliated with ShinyHunters, which also targeted other companies using Salesforce as an entry point. The compromised data included names, email addresses, frequent flyer numbers, and some additional personal information. No payment card numbers, financial information, passport numbers, or Qantas account credentials were impacted. Qantas has warned customers of increased scam and phishing activities and has implemented additional security measures.

Open in new tab

Lovesac Data Breach After Ransomware Attack

Lovesac, a furniture retailer, confirmed a data breach impacting an unspecified number of individuals. The breach occurred between February 12, 2025, and March 3, 2025, and involved unauthorized access to internal systems. The company discovered the breach on February 28, 2025, and has offered credit monitoring services to affected individuals. The RansomHub ransomware gang claimed responsibility for the attack, threatening to leak stolen data if a ransom was not paid. Lovesac operates 267 showrooms across the United States and reported annual net sales of $750 million. The stolen data includes full names and other personal information, though the exact details and the number of affected individuals remain undisclosed. The company has not confirmed whether customers, employees, or contractors were impacted.

Open in new tab

TransUnion Data Breach Affects Over 4 Million Customers

TransUnion, a major credit reporting agency, confirmed a data breach that compromised the personal information of over 4 million customers. The breach occurred on July 28, 2025, and was discovered two days later. An unauthorized actor accessed personal data through a third-party application used by TransUnion's US customer support operations. The compromised information was limited to specific data elements and did not include credit reports or core credit information. TransUnion is offering impacted customers two years of free credit monitoring services. The identity of the threat actor remains unknown, and there is no confirmed correlation with other recent security incidents.

Open in new tab

Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

The threat actor, tracked as UNC6395 by Google and GRUB1 by Cloudflare, exploited OAuth tokens associated with the Drift AI chat agent to breach Salesloft and steal data from Salesforce customer instances. The campaign, active from August 8 to at least August 18, 2025, targeted over 700 organizations, including Workiva and Stellantis, and impacted all integrations connected to the Drift platform, not just Salesforce. The attackers exported large volumes of data, including credentials for AWS, passwords, and Snowflake access tokens. Zscaler, Palo Alto Networks, Cloudflare, and Workiva reported data breaches after threat actors accessed their Salesforce instances via compromised Salesloft Drift credentials, exposing customer information. The breach began with the compromise of Salesloft's GitHub account, accessed by UNC6395 from March to June 2025. The threat actor accessed multiple repositories, added a guest user, and established workflows. Reconnaissance activities occurred in the Salesloft and Drift application environments between March and June 2025. The attackers accessed Drift's AWS environment and obtained OAuth tokens for Drift customers' technology integrations. Salesloft isolated the Drift infrastructure, application, and code, and took the application offline on September 5, 2025. Salesloft rotated credentials in the Salesloft environment and hardened it with improved segmentation controls. Salesloft recommends that all third-party applications integrated with Drift via API key revoke the existing key. Salesforce restored the integration with the Salesloft platform on September 7, 2025, except for the Drift app, which remains disabled. Salesloft and Salesforce have taken steps to mitigate the breach, including revoking tokens and removing the Drift application from AppExchange. The breach highlights the risks associated with third-party integrations and the potential for supply chain attacks. UNC6395 demonstrated operational discipline, querying and exporting data methodically, and attempting to cover their tracks by deleting query jobs. The targeted organizations included security and technology companies, suggesting a broader strategy to infiltrate vendors and service providers. The campaign is limited to Salesloft customers who integrate their own solutions with the Salesforce service. There is no evidence that the breaches directly impacted Google Cloud customers, though any of them that use Salesloft Drift should review their Salesforce objects for any Google Cloud Platform service account keys. The threat group ShinyHunters and Scattered Spider claimed responsibility for many of those attacks, and vishing attacks have been cited as the means of compromise. Google disclosed that UNC6040 breached one of its Salesforce instances using these tactics. The UNC6395 Salesloft Drift activity is separate from the vishing attacks attributed to UNC6040. Okta successfully defended against a potential breach by enforcing inbound IP restrictions, securing tokens with DPoP, and using the IPSIE framework. Okta recommends that organizations demand IPSIE integration from application vendors and implement an identity security fabric. Palo Alto Networks' Unit 42 advised organizations to conduct immediate log reviews for signs of compromise and rotate exposed credentials. Okta suggests reducing the blast radius of a single entity breach by constraining token use by IP and client and ensuring granular permissions for M2M integrations. The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations' Salesforce environments to steal data and extort victims. UNC6040 is a threat actor that specializes in voice phishing or vishing and recently was observed using social engineering to pose as IT support staff to get into Salesforce environments. UNC6395 is best known for using stolen OAuth tokens from Salesloft's Drift application, which has a Salesforce integration, to steal sensitive data from hundreds of Salesforce environments earlier this year. The FBI's latest advisory provides additional context into the technical aspects of the threat campaigns, particularly UNC6040's activity, which began last fall. The advisory also includes indicators of compromise, including IP addresses and URLs associated with the two campaigns.

Open in new tab

Farmers Insurance Data Breach Affects Over 1 Million Customers

Farmers Insurance, along with its affiliated companies and subsidiaries, experienced a data breach through a third-party vendor. The breach occurred on May 29 and was discovered the following day. Over 1 million customers were affected. The compromised data included personal information, although the specific details have not been disclosed. The incident was detected by the vendor's monitoring tools, which allowed for quick containment measures. The company has notified law enforcement and is offering affected individuals two years of complimentary identity monitoring services. The breach was detected on May 30, and the investigation concluded on July 24. The unauthorized access involved a third-party vendor's database containing customer information.

Open in new tab